diff --git a/education/windows/take-tests-in-windows.md b/education/windows/take-tests-in-windows.md
index 8c46ac4b93..b43345436f 100644
--- a/education/windows/take-tests-in-windows.md
+++ b/education/windows/take-tests-in-windows.md
@@ -1,7 +1,7 @@
 ---
 title: Take tests and assessments in Windows
 description: Learn about the built-in Take a Test app for Windows and how to use it.
-ms.date: 02/29/2024
+ms.date: 11/11/2024
 ms.topic: how-to
 ---
 
@@ -9,11 +9,11 @@ ms.topic: how-to
 
 Many schools use online testing for formative and summation assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test. To help schools with testing, Windows provides an application called **Take a Test**. The application is a secure browser that provides different features to help with testing, and can be configured to only allow access a specific URL or a list of URLs. When using Take a Test, students can't:
 
-- print, use screen capture, or text suggestions (unless enabled by the teacher or administrator)
-- access other applications
-- change system settings, such as display extension, notifications, updates
-- access Cortana
-- access content copied to the clipboard
+- Print, use screen capture, or text suggestions (unless enabled by the teacher or administrator)
+- Access other applications
+- Change system settings, such as display extension, notifications, updates
+- Access Cortana
+- Access content copied to the clipboard
 
 ## How to use Take a Test
 
@@ -22,7 +22,7 @@ There are different ways to use Take a Test, depending on the use case:
 - For lower stakes assessments, such a quick quiz in a class, a teacher can generate a *secure assessment URL* and share it with the students. Students can then open the URL to access the assessment through Take a Test. To learn more, see the next section: [Create a secure assessment link](#create-a-secure-assessment-link)
 - For higher stakes assessments, you can configure Windows devices to use a dedicated account for testing and execute Take a Test in a locked-down mode, called **kiosk mode**. Once signed in with the dedicated account, Windows will execute Take a Test in a lock-down mode, preventing the execution of any applications other than Take a Test. For more information, see [Configure Take a Test in kiosk mode](edu-take-a-test-kiosk-mode.md)
 
-:::image type="content" source="./images/takeatest/flow-chart.png" alt-text="Set up and user flow for the Take a Test app." border="false":::
+  :::image type="content" source="./images/takeatest/flow-chart.png" alt-text="Set up and user flow for the Take a Test app." border="false":::
 
 ## Create a secure assessment link
 
@@ -37,9 +37,9 @@ To create a secure assessment link to the test, there are two options:
 
 For this option, copy the assessment URL and open the web application <a href="https://aka.ms/create-a-take-a-test-link" target="_blank"><u>Customize your assessment URL</u></a>, where you can:
 
-- Paste the link to the assessment URL
-- Select the options you want to allow during the test
-- Generate the link by selecting the button Create link
+- Paste the link to the assessment URL.
+- Select the options you want to allow during the test.
+- Generate the link by selecting the button Create link.
 
 This is an ideal option for teachers who want to create a link to a specific assessment and share it with students using OneNote, for example.
 
@@ -67,7 +67,7 @@ To enable permissive mode, don't include `enforceLockdown` in the schema paramet
 
 ## Distribute the secure assessment link
 
-Once the link is created, it can be distributed through the web, email, OneNote, or any other method of your choosing.
+Once the link is created, it can be distributed through the web, email, OneNote, or any other method of your choice.
 
 For example, you can create and copy the shortcut to the assessment URL to the students' desktop.
 
@@ -85,4 +85,4 @@ To take the test, have the students open the link.
 
 Teachers can use **Microsoft Forms** to create tests. For more information, see [Create tests using Microsoft Forms](https://support.microsoft.com/en-us/office/create-a-quiz-with-microsoft-forms-a082a018-24a1-48c1-b176-4b3616cdc83d).
 
-To learn more about the policies and settings set by the Take a Test app, see [Take a Test app technical reference](take-a-test-app-technical.md).
\ No newline at end of file
+To learn more about the policies and settings set by the Take a Test app, see [Take a Test app technical reference](take-a-test-app-technical.md).
diff --git a/windows/client-management/declared-configuration.md b/windows/client-management/declared-configuration.md
index a0a28f91ae..ec20778da6 100644
--- a/windows/client-management/declared-configuration.md
+++ b/windows/client-management/declared-configuration.md
@@ -121,7 +121,7 @@ If the processing of declared configuration document fails, the errors are logge
 
 - If the Document ID doesn't match between the `<LocURI>` and inside DeclaredConfiguration document, Admin event log shows an error message similar to:
 
-    `MDM Declared Configuration: End document parsing from CSP: Document Id: (DCA000B5-397D-40A1-AABF-40B25078A7F91), Scenario: (MSFTVPN), Version: (A0), Enrollment Id: (DAD70CC2-365B-450D-A8AB-2EB23F4300CC), Current User: (S-1-5-21-3436249567-4017981746-3373817415-1001), Schema: (1.0), Download URL: (), Scope: (0x1), Enroll Type: (0x1A), File size: (0xDE2), CSP Count: (0x1), URI Count: (0xF), Action Requested: (0x0), Model: (0x1), Result:(0x8000FFFF) Catastrophic failure.`
+    `MDM Declared Configuration: End document parsing from CSP: Document Id: (DCA000B5-397D-40A1-AABF-40B25078A7F91), Scenario: (MSFTVPN), Version: (A0), Enrollment Id: (DAD70CC2-365B-450D-A8AB-2EB23F4300CC), Current User: (S-1-5-21-1004336348-1177238915-682003330-1234), Schema: (1.0), Download URL: (), Scope: (0x1), Enroll Type: (0x1A), File size: (0xDE2), CSP Count: (0x1), URI Count: (0xF), Action Requested: (0x0), Model: (0x1), Result:(0x8000FFFF) Catastrophic failure.`
 
 - Any typo in the OMA-URI results in a failure. In this example, `TrafficFilterList` is specified instead of `TrafficFilterLists`, and Admin event log shows an error message similar to:
 
@@ -129,4 +129,4 @@ If the processing of declared configuration document fails, the errors are logge
 
     There's also another warning message in operational channel:
 
-    `MDM Declared Configuration: Function (DeclaredConfigurationExtension_PolicyCSPConfigureGivenCurrentDoc) operation (ErrorAtDocLevel: one or more CSPs failed) failed with (Unknown Win32 Error code: 0x82d00007)`
\ No newline at end of file
+    `MDM Declared Configuration: Function (DeclaredConfigurationExtension_PolicyCSPConfigureGivenCurrentDoc) operation (ErrorAtDocLevel: one or more CSPs failed) failed with (Unknown Win32 Error code: 0x82d00007).`
diff --git a/windows/client-management/images/8908044-recall-search.png b/windows/client-management/images/8908044-recall-search.png
new file mode 100644
index 0000000000..16ec5fda8b
Binary files /dev/null and b/windows/client-management/images/8908044-recall-search.png differ
diff --git a/windows/client-management/images/8908044-recall.png b/windows/client-management/images/8908044-recall.png
deleted file mode 100644
index 92c93c46cb..0000000000
Binary files a/windows/client-management/images/8908044-recall.png and /dev/null differ
diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md
index 82a405289c..f8a052962b 100644
--- a/windows/client-management/manage-recall.md
+++ b/windows/client-management/manage-recall.md
@@ -1,9 +1,9 @@
 ---
 title: Manage Recall for Windows clients
-description: Learn how to manage Recall for commercial environments using MDM and group policy. Learn about Recall features.
+description: Learn how to manage Recall for commercial environments and about Recall features.
 ms.topic: how-to
 ms.subservice: windows-copilot
-ms.date: 06/13/2024
+ms.date: 11/22/2024
 ms.author: mstewart
 author: mestew
 ms.collection:
@@ -18,72 +18,161 @@ appliesto:
 <!--8908044-->
 >**Looking for consumer information?** See [Retrace your steps with Recall](https://support.microsoft.com/windows/retrace-your-steps-with-recall-aa03f8a0-a78b-4b3e-b0a1-2eb8ac48701c).
 
-Recall allows you to search across time to find the content you need. Just describe how you remember it, and Recall retrieves the moment you saw it. Recall takes snapshots of your screen and stores them in a timeline. Snapshots are taken every five seconds while content on the screen is different from the previous snapshot. Snapshots are locally stored and locally analyzed on your PC. Recall's analysis allows you to search for content, including both images and text, using natural language.
+Recall (preview) allows users to search locally saved and locally analyzed snapshots of their screen using natural language. By default, Recall is disabled and removed on managed devices. IT admins can choose if they want to allow Recall to be used in their organizations and users, on their own, won't be able to enable it on their managed device if the Allow Recall policy is disabled. IT admins, on their own, can't start saving snapshots for end users. Recall is an opt-in experience that requires end user consent to save snapshots. Users can choose to enable or disable saving snapshots for themselves anytime. IT admins can only set policies that give users the option to enable saving snapshots and configure certain policies for Recall.
+
+This article provides information about Recall and how to manage it in a commercial environment.
 
 > [!NOTE]
-> Recall is coming soon through a post-launch Windows update. See [aka.ms/copilotpluspcs](https://aka.ms/copilotpluspcs). 
+> - Recall is now available in preview to Copilot+ PCs through the Windows Insider Program. For more information, see [Previewing Recall with Click to Do on Copilot+ PCs with Windows Insiders in the Dev Channel](https://blogs.windows.com/windows-insider/2024/11/22/previewing-recall-with-click-to-do-on-copilot-pcs-with-windows-insiders-in-the-dev-channel/).
+> - In-market commercial devices are defined as devices with an Enterprise (ENT) or Education (EDU) SKU or any premium SKU device that is managed by an IT administrator (whether via Microsoft Endpoint Manager or other endpoint management solution), has a volume license key, or is joined to a domain. Commercial devices during Out of Box Experience (OOBE) are defined as those with ENT or EDU SKU or any premium SKU device that has a volume license key or is Microsoft Entra joined. 
+> - Recall is optimized for select languages English, Chinese (simplified), French, German, Japanese, and Spanish. Content-based and storage limitations apply. For more information, see [https://aka.ms/copilotpluspcs](https://aka.ms/copilotpluspcs).
 
-When Recall opens the snapshot a user selected, it enables screenray, which runs on top of the saved snapshot. Screenray analyzes what's in the snapshot and allows users to interact with individual elements in the snapshot. For instance, users can copy text from the snapshot or send pictures from the snapshot to an app that supports `jpeg` files.
+## What is Recall?
 
-:::image type="content" source="images/8908044-recall.png" alt-text="Screenshot of Recall with search results displayed for a query about a restaurant that the user's friend sent them." lightbox="images/8908044-recall.png":::
+Recall (preview) allows you to search across time to find the content you need. Just describe how you remember it, and Recall retrieves the moment you saw it. Snapshots are taken periodically while content on the screen is different from the previous snapshot. The snapshots of your screen are organized into a timeline. Snapshots are locally stored and locally analyzed on your PC. Recall's analysis allows you to search for content, including both images and text, using natural language.
+
+When Recall opens a snapshot you selected, it enables Click to Do, which runs on top of the saved snapshot. Click to Do analyzes what's in the snapshot and allows you to interact with individual elements in the snapshot. For instance, you can copy text from the snapshot or send pictures from the snapshot to an app that supports `jpeg` files.
+
+:::image type="content" border="true" source="images/8908044-recall-search.png" alt-text="Screenshot of Recall with search results displayed for a query for a presentation with a red barn." lightbox="images/8908044-recall-search.png":::
+
+### Recall security and privacy architecture
+
+Privacy and security are built into Recall's design. With Copilot+ PCs, you get powerful AI that runs locally on the device. No internet or cloud connections are required or used to save and analyze snapshots. Snapshots aren't sent to Microsoft. Recall AI processing occurs locally, and snapshots are securely stored on the local device only.
+
+Recall doesn't share snapshots with other users that are signed into Windows on the same device and IT admins can't access or view the snapshots on end-user devices. Microsoft can't access or view the snapshots. Recall requires users to confirm their identity with [Windows Hello](https://support.microsoft.com/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0) before it launches and before accessing snapshots. At least one biometric sign-in option must be enabled for Windows Hello, either facial recognition or a fingerprint, to launch and use Recall. Before snapshots start getting saved to the device, users need to open Recall and authenticate. Recall takes advantage of just in time decryption protected by [Hello Enhanced Sign-in Security (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security). Snapshots and any associated information in the vector database are always encrypted. Encryption keys are protected via Trusted Platform Module (TPM), which is tied to the user's Windows Hello ESS identity, and can be used by operations within a secure environment called a [Virtualization-based Security Enclave (VBS Enclave)](/windows/win32/trusted-execution/vbs-enclaves). This means that other users can't access these keys and thus can't decrypt this information. Device Encryption or BitLocker are enabled by default on Windows 11. For more information, see [Recall security and privacy architecture in the Windows Experience Blog](https://blogs.windows.com/windowsexperience/?p=179096).
+
+When using Recall, the **Sensitive information filtering** setting is enabled by default to help ensure your data's confidentiality. This feature operates directly on your device, utilizing the NPU and the Microsoft Classification Engine (MCE) - the same technology leveraged by [Microsoft Purview](/purview/purview) for detecting and labeling sensitive information. When this setting is enabled, snapshots won't be saved when potentially sensitive information is detected. Most importantly, the sensitive information remains on the device at all times, regardless of whether the **Sensitive information filtering** setting is enabled or disabled. For more information about the types of potentially sensitive information, see [Reference for sensitive information filtering in Recall](recall-sensitive-information-filtering.md).
+
+In keeping with Microsoft's commitment to data privacy and security, all saved images and processed data are kept on the device and processed locally. However, Click to Do allows users to choose if they want to perform additional actions on their content.
+
+Click to Do allows users to choose to get more information about their selected content online. When users choose one of the following Click to Do actions, the selected content is sent to the online provider from the local device to complete the request:
+
+-	**Search the web**: Sends the selected content to the default search engine of the default browser
+-	**Open website**: Opens the selected website in the default browser
+-	**Visual search with Bing**: Sends the selected content to Bing visual search using the default browser. 
+
+When you choose to send info from Click to Do to an app, like Paint, Click to Do will temporarily save this info in order to complete the transfer. Click to Do creates a temporary file in the following location: 
+
+- `C:\Users\[username]\AppData\Local\Temp` 
+
+Temporary files may also be saved when you choose send feedback. These temporary files aren't saved long term. Click to Do doesn't keep any content from your screen after completing the requested action, but some basic telemetry is gathered to keep Click to Do secure, up to date, and working.
 
 ## System requirements
-Recall has the following minimum system requirements:
 
-- A [Copilot+ PC](https://www.microsoft.com/windows/business/devices/copilot-plus-pcs#copilot-plus-pcs)
+Recall has the following minimum requirements:
+
+- A [Copilot+ PC](https://www.microsoft.com/windows/business/devices/copilot-plus-pcs#copilot-plus-pcs) that meets the [Secured-core standard](/windows-hardware/design/device-experiences/oem-highly-secure-11)
+- 40 TOPs NPU ([neural processing unit](https://support.microsoft.com/windows/all-about-neural-processing-units-npus-e77a5637-7705-4915-96c8-0c6a975f9db4))
 - 16 GB RAM
 - 8 logical processors
 - 256 GB storage capacity
   - To enable Recall, you need at least 50 GB of space free
-  - Snapshot capture automatically pauses once the device has less than 25 GB of disk space
+  - Saving snapshots automatically pauses once the device has less than 25 GB of storage space
+- Users need to enable Device Encryption or BitLocker
+- Users need to enroll into [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) with at least one biometric sign-in option enabled in order to authenticate.
 
 ## Supported browsers
 
-Users need a supported browser for Recall to [filter websites](#user-controlled-settings-for-recall) and to automatically filter private browsing activity. Supported browsers, and their capabilities include:
+Users need a supported browser for Recall to [filter websites](#app-and-website-filtering-policies) and to automatically filter private browsing activity. Supported browsers, and their capabilities include:
 
-- **Microsoft Edge**: blocks websites and filters private browsing activity
-- **Firefox**: blocks websites and filters private browsing activity
-- **Opera**: blocks websites and filters private browsing activity
-- **Google Chrome**: blocks websites and filters private browsing activity
-- **Chromium based browsers** (124 or later): For Chromium-based browsers not listed above, filters private browsing activity only, doesn't block specific websites
+- **Microsoft Edge**: filters specified websites and filters private browsing activity
+- **Firefox**: filters specified websites and filters private browsing activity
+- **Opera**: filtered specified websites and filters private browsing activity
+- **Google Chrome**: filters specified websites and filters private browsing activity
+- **Chromium based browsers** (124 or later): For Chromium-based browsers not listed, filters private browsing activity only, doesn't filter specific websites
 
 
 ## Configure policies for Recall
 
-Organizations that aren't ready to use AI for historical analysis can disable it until they're ready with the **Turn off saving snapshots for Windows** policy. If snapshots were previously saved on a device, they'll be deleted when this policy is enabled. The following policy allows you to disable analysis of user content:
+By default, Recall is removed on commercially managed devices. If you want to allow Recall to be available for users in your organization and allow them to choose to save snapshots, you need to configure both the **Allow Recall to be enabled** and **Turn off saving snapshots for Windows** policies. Policies for Recall fall into the following general areas:
+
+- [Allow Recall and snapshots policies](#allow-recall-and-snapshots-policies)
+- [Storage policies](#storage-policies)
+- [App and website filtering policies](#app-and-website-filtering-policies)
+
+
+### Allow Recall and snapshots policies
+
+The **Allow Recall to be enabled** policy setting allows you to determine whether the Recall optional component is available for end users to enable on their device. By default, Recall is disabled and removed for managed devices. Recall isn't available on managed devices by default, and individual users can't enable Recall on their own. If you disable this policy, the Recall component will be in disabled state and the bits for Recall will be removed from the device. If snapshots were previously saved on the device, they'll be deleted when this policy is disabled. Removing Recall requires a device restart. If the policy is enabled, end users will have Recall available on their device. Depending on the state of the DisableAIDataAnalysis policy (Turn off saving snapshots for use with Recall), end users will be able to choose if they want to save snapshots of their screen and use Recall to find things they've seen on their device.
 
 | &nbsp; | Setting  |
 |---|---|
-| **CSP** | ./User/Vendor/MSFT/Policy/Config/WindowsAI/[DisableAIDataAnalysis](mdm/policy-csp-windowsai.md#disableaidataanalysis) |
-| **Group policy** | User Configuration > Administrative Templates > Windows Components > Windows AI > **Turn off saving snapshots for Windows** |
-
-## Limitations
-
-In two specific scenarios, Recall captures snapshots that include InPrivate windows, blocked apps, and blocked websites. If Recall gets launched, or the **Now** option is selected in Recall, then a snapshot is taken even when InPrivate windows, blocked apps, and blocked websites are displayed. However, Recall doesn't save these snapshots. If you choose to send the information from this snapshot to another app, a temp file is created in `C:\Users\[username]\AppData\Local\Temp` to share the content. The temporary file is deleted once the content is transferred over the app you selected to use.
-
-## User controlled settings for Recall
-
-The following options are user controlled in Recall from the **Settings** > **Privacy & Security** > **Recall & Snapshots** page:
-
-- Website filtering
-- App filtering
-- Storage allocation
-    - When the storage limit is reached, the oldest snapshots are deleted first.
-- Deleting snapshots
-    - Delete all snapshots
-    - Delete snapshots within a specific time frame
+| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[AllowRecallEnablement](mdm/policy-csp-windowsai.md#allowrecallenablement) |
+| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Allow Recall to be enabled** |
 
 
-### Storage allocation
+The **Turn off saving snapshots for Windows** policy allows you to give the users the choice to save snapshots of their screen for use with Recall. Administrators can't enable saving snapshots on behalf of their users. The choice to enable saving snapshots requires individual user opt-in consent. By default, snapshots won't be saved for use with Recall. If snapshots were previously saved on a device, they'll be deleted when this policy is enabled. If you set this policy to disabled, end users will have a choice to save snapshots of their screen and use Recall to find things they've seen on their device.
 
-The amount of disk space users can allocate to Recall varies depending on how much storage the device has. The following chart shows the storage space options for Recall:
-
-| Device storage capacity | Storage allocation options for Recall |
+| &nbsp; | Setting  |
 |---|---|
-| 256 GB | 25 GB (default), 10 GB |
-| 512 GB | 75 GB (default), 50 GB, 25 GB |
-| 1 TB, or more | 150 GB (default), 100 GB, 75 GB, 50 GB, 25 GB |
+| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[DisableAIDataAnalysis](mdm/policy-csp-windowsai.md#disableaidataanalysis) </br> </br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[DisableAIDataAnalysis](mdm/policy-csp-windowsai.md#disableaidataanalysis)|
+| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Turn off saving snapshots for Windows** </br></br>User Configuration > Administrative Templates > Windows Components > Windows AI > **Turn off saving snapshots for Windows** |
 
+### Storage policies
+
+You can define how much disk space Recall can use by using the **Set maximum storage for snapshots used by Recall** policy. You can set the maximum amount of disk space for snapshots to be 10, 25, 50, 75, 100, or 150 GB. When the storage limit is reached, the oldest snapshots are deleted first. When this setting isn't configured, the OS configures the storage allocation for snapshots based on the device storage capacity. 25 GB is allocated when the device storage capacity is 256 GB. 75 GB is allocated when the device storage capacity is 512 GB. 150 GB is allocated when the device storage capacity is 1 TB or higher.	
+
+| &nbsp; | Setting  |
+|---|---|
+| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageSpaceForRecallSnapshots](mdm/policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots) </br> </br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageSpaceForRecallSnapshots](mdm/policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots)|
+| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum storage for snapshots used by Recall** </br></br> User Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum storage for snapshots used by Recall** |
+
+You can define how long snapshots can be retained on the device by using the **Set maximum duration for storing snapshots used by Recall** policy. You can configure the maximum storage duration to be 30, 60, 90, or 180 days. If the policy isn't configured, snapshots aren't deleted until the maximum storage allocation is reached, and then the oldest snapshots are deleted first.
+
+| &nbsp; | Setting  |
+|---|---|
+| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageDurationForRecallSnapshots](mdm/policy-csp-windowsai.md#setmaximumstoragedurationforrecallsnapshots) </br></br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageDurationForRecallSnapshots](mdm/policy-csp-windowsai.md#setmaximumstoragedurationforrecallsnapshots)|
+| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum storage for snapshots used by Recall** </br></br>User Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum duration for storing snapshots used by Recall** |
+
+
+### App and website filtering policies
+
+You can filter both apps and websites from being saved in snapshots. Users are able to add to these filter lists from the **Recall & Snapshots** settings page. Some remote desktop connection clients are filtered by default from snapshots. For more information, see the [Remote desktop connection clients filtered from snapshots](#remote-desktop-connection-clients-filtered-from-snapshots) section.
+
+To filter websites from being saved in snapshots, use the **Set a list of URIs to be filtered from snapshots for Recall** policy. Define the list using a semicolon to separate URIs. Make sure you include the URL scheme such as `http://`, `file://`, `https://www.`. Sites local to a supported browser like `edge://`, or `chrome://`, are filtered by default. For example: `https://www.Contoso.com;https://www.WoodgroveBank.com;https://www.Adatum.com`
+
+> [!NOTE]
+> - Private browsing activity is filtered by default when using [supported web browsers](#supported-browsers). 
+> - Be aware that websites are filtered when they are in the foreground or are in the currently opened tab of a supported browser. Parts of filtered websites can still appear in snapshots such as embedded content, the browser's history, or an opened tab that isn't in the foreground.
+> - Filtering doesn't prevent browsers, internet service providers (ISPs), websites, organizations, or others from knowing that the website was accessed and building a history.
+> - Changes to this policy take effect after device restart.
+
+| &nbsp; | Setting  |
+|---|---|
+| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[SetDenyUriListForRecall](mdm/policy-csp-windowsai.md#setdenyurilistforrecall) </br></br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[SetDenyUriListForRecall](mdm/policy-csp-windowsai.md#setdenyurilistforrecall)|
+| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **>Set a list of URIs to be filtered from snapshots for Recall** </br></br>User Configuration > Administrative Templates > Windows Components > Windows AI > **>Set a list of URIs to be filtered from snapshots for Recall** |
+
+
+**Set a list of apps to be filtered from snapshots for Recall** policy allows you to filter apps from being saved in snapshots. Define the list using a semicolon to separate apps. The list can include Application User Model IDs (AUMID) or the name of the executable file. For example: `code.exe;Microsoft. WindowsNotepad_8wekyb3d8bbwe!App;ms-teams.exe`
+
+> [!Note]
+> -	Like other Windows apps, such as the Snipping Tool, Recall won't store digital rights management (DRM) content.
+> - Changes to this policy take effect after device restart.
+
+| &nbsp; | Setting  |
+|---|---|
+| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[SetDenyAppListForRecall](mdm/policy-csp-windowsai.md#setdenyapplistforrecall) </br></br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[SetDenyAppListForRecall](mdm/policy-csp-windowsai.md#setdenyapplistforrecall)|
+| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Set a list of apps to be filtered from snapshots for Recall** </br></br>User Configuration > Administrative Templates > Windows Components > Windows AI > **Set a list of apps to be filtered from snapshots for Recall**|
+
+
+#### Remote desktop connection clients filtered from snapshots
+
+Snapshots won't be saved when remote desktop connection clients are used. The following remote desktop connection clients are filtered from snapshots:<!--9119193-->
+
+   - [Remote Desktop Connection (mstsc.exe)](/windows-server/administration/windows-commands/mstsc)
+   - [VMConnect.exe](/windows-server/virtualization/hyper-v/learn-more/hyper-v-virtual-machine-connect) 
+      - [Microsoft Remote Desktop from the Microsoft Store](/windows-server/remote/remote-desktop-services/clients/windows) is saved in snapshots. To prevent the app from being saved in snapshots, add it to the app filtering list.
+   - [Azure Virtual Desktop (MSI)](/azure/virtual-desktop/users/connect-windows) 
+      - [Azure Virtual Desktop apps from the Microsoft Store](/azure/virtual-desktop/users/connect-remote-desktop-client) are saved in snapshots. To prevent these apps from being saved in snapshots, add them to the app filtering list.
+  - [Remote applications integrated locally (RAIL)](/openspecs/windows_protocols/ms-rdperp/485e6f6d-2401-4a9c-9330-46454f0c5aba) windows
+  - [Windows App from the Microsoft Store](/windows-app/get-started-connect-devices-desktops-apps) is saved in snapshots. To prevent the app from being saved in snapshots, add it to the app filtering list.
+
+
+
+
+## Information for developers
+
+If you're a developer and want to launch Recall, you can call the `ms-recall` protocol URI. When you call this URI, Recall opens and takes a snapshot of the screen, which is the default behavior for when Recall is launched. For more information about using Recall in your Windows app, see [Recall overview](/windows/ai/apis/recall) in the Windows AI API documentation.
 
 ## Microsoft's commitment to responsible AI
 
@@ -91,6 +180,10 @@ Microsoft has been on a responsible AI journey since 2017, when we defined our p
 
 Recall uses optical character recognition (OCR), local to the PC, to analyze snapshots and facilitate search. For more information about OCR, see [Transparency note and use cases for OCR](/legal/cognitive-services/computer-vision/ocr-transparency-note). For more information about privacy and security, see [Privacy and control over your Recall experience](https://support.microsoft.com/windows/privacy-and-control-over-your-recall-experience-d404f672-7647-41e5-886c-a3c59680af15).
 
-## Information for developers
-
-If you're a developer and want to launch Recall, you can call the `ms-recall` protocol URI. When you call this, Recall opens and takes a snapshot of the screen, which is the default behavior for when Recall is launched. For more information about using Recall in your Windows app, see [Recall overview](/windows/ai/apis/recall) in the Windows AI API documentation.
+## Related links
+- [Policy CSP - WindowsAI](/windows/client-management/mdm/policy-csp-windowsai)
+- [Update on Recall security and privacy architecture](https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/)
+- [Retrace your steps with Recall](https://support.microsoft.com/windows/aa03f8a0-a78b-4b3e-b0a1-2eb8ac48701c)
+- [Privacy and control over your Recall experience](https://support.microsoft.com/windows/d404f672-7647-41e5-886c-a3c59680af15)
+- [Click to Do in Recall](https://support.microsoft.com/topic/967304a8-32d1-4812-a904-fad59b5e6abf)
+- [Previewing Recall with Click to Do on Copilot+ PCs with Windows Insiders in the Dev Channel](https://blogs.windows.com/windows-insider/2024/11/22/previewing-recall-with-click-to-do-on-copilot-pcs-with-windows-insiders-in-the-dev-channel/)
diff --git a/windows/client-management/mdm/policies-in-preview.md b/windows/client-management/mdm/policies-in-preview.md
index 57e70841a5..34a182dd13 100644
--- a/windows/client-management/mdm/policies-in-preview.md
+++ b/windows/client-management/mdm/policies-in-preview.md
@@ -1,7 +1,7 @@
 ---
 title: Configuration service provider preview policies
 description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview.
-ms.date: 11/05/2024
+ms.date: 11/22/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -137,9 +137,15 @@ This article lists the policies that are applicable for Windows Insider Preview
 
 ## WindowsAI
 
+- [DisableAIDataAnalysis](policy-csp-windowsai.md#disableaidataanalysis)
 - [SetCopilotHardwareKey](policy-csp-windowsai.md#setcopilothardwarekey)
+- [SetDenyAppListForRecall](policy-csp-windowsai.md#setdenyapplistforrecall)
+- [SetDenyUriListForRecall](policy-csp-windowsai.md#setdenyurilistforrecall)
+- [SetMaximumStorageSpaceForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots)
+- [SetMaximumStorageDurationForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragedurationforrecallsnapshots)
 - [DisableImageCreator](policy-csp-windowsai.md#disableimagecreator)
 - [DisableCocreator](policy-csp-windowsai.md#disablecocreator)
+- [AllowRecallEnablement](policy-csp-windowsai.md#allowrecallenablement)
 
 ## WindowsLicensing CSP
 
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
index 72d541101b..5db33c8daf 100644
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -1,7 +1,7 @@
 ---
 title: WindowsAI Policy CSP
 description: Learn more about the WindowsAI Area in Policy CSP.
-ms.date: 11/05/2024
+ms.date: 11/22/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -15,28 +15,103 @@ ms.date: 11/05/2024
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- WindowsAI-Editable-End -->
 
+<!-- AllowRecallEnablement-Begin -->
+## AllowRecallEnablement
+
+<!-- AllowRecallEnablement-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- AllowRecallEnablement-Applicability-End -->
+
+<!-- AllowRecallEnablement-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/AllowRecallEnablement
+```
+<!-- AllowRecallEnablement-OmaUri-End -->
+
+<!-- AllowRecallEnablement-Description-Begin -->
+<!-- Description-Source-ADMX -->
+This policy setting allows you to determine whether the Recall optional component is available for end users to enable on their device. By default, Recall is disabled for managed commercial devices. Recall isn't available on managed devices by default, and individual users can't enable Recall on their own.
+
+- If this policy isn't configured, end users will have the Recall component in a disabled state.
+
+- If this policy is disabled, the Recall component will be in disabled state and the bits for Recall will be removed from the device. If snapshots were previously saved on the device, they'll be deleted when this policy is disabled. Removing Recall requires a device restart.
+
+- If the policy is enabled, end users will have Recall available on their device. Depending on the state of the DisableAIDataAnalysis policy (Turn off saving snapshots for use with Recall), end users are able to choose if they want to save snapshots of their screen and use Recall to find things they've seen on their device.
+<!-- AllowRecallEnablement-Description-End -->
+
+<!-- AllowRecallEnablement-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- AllowRecallEnablement-Editable-End -->
+
+<!-- AllowRecallEnablement-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 1 |
+<!-- AllowRecallEnablement-DFProperties-End -->
+
+<!-- AllowRecallEnablement-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Recall isn't available. |
+| 1 (Default) | Recall is available. |
+<!-- AllowRecallEnablement-AllowedValues-End -->
+
+<!-- AllowRecallEnablement-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AllowRecallEnablement |
+| Friendly Name | Allow Recall to be enabled |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows AI |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
+| Registry Value Name | AllowRecallEnablement |
+| ADMX File Name | WindowsCopilot.admx |
+<!-- AllowRecallEnablement-GpMapping-End -->
+
+<!-- AllowRecallEnablement-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- AllowRecallEnablement-Examples-End -->
+
+<!-- AllowRecallEnablement-End -->
+
 <!-- DisableAIDataAnalysis-Begin -->
 ## DisableAIDataAnalysis
 
 <!-- DisableAIDataAnalysis-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- DisableAIDataAnalysis-Applicability-End -->
 
 <!-- DisableAIDataAnalysis-OmaUri-Begin -->
 ```User
 ./User/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis
 ```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis
+```
 <!-- DisableAIDataAnalysis-OmaUri-End -->
 
 <!-- DisableAIDataAnalysis-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows you to control whether Windows saves snapshots of the screen and analyzes the user's activity on their device.
+This policy setting allows you to determine whether snapshots of the screen can be saved for use with Recall. By default, snapshots for Recall aren't enabled. IT administrators can't, on their own, enable saving snapshots on behalf of their users. The choice to enable saving snapshots requires individual user opt-in consent.
 
-- If you enable this policy setting, Windows won't be able to save snapshots and users won't be able to search for or browse through their historical device activity using Recall.
+- If the policy isn't configured, snapshots won't be saved for use with Recall.
 
-- If you disable or don't configure this policy setting, Windows will save snapshots of the screen and users will be able to search for or browse through a timeline of their past activities using Recall.
+- If you enable this policy, snapshots won't be saved for use with Recall. If snapshots were previously saved on the device, they'll be deleted when this policy is enabled.
+
+If you set this policy to disabled, end users will have a choice to save snapshots of their screen and use Recall to find things they've seen on their device.
 <!-- DisableAIDataAnalysis-Description-End -->
 
 <!-- DisableAIDataAnalysis-Editable-Begin -->
@@ -68,8 +143,8 @@ This policy setting allows you to control whether Windows saves snapshots of the
 | Name | Value |
 |:--|:--|
 | Name | DisableAIDataAnalysis |
-| Friendly Name | Turn off Saving Snapshots for Windows |
-| Location | User Configuration |
+| Friendly Name | Turn off saving snapshots for use with Recall |
+| Location | Computer and User Configuration |
 | Path | Windows Components > Windows AI |
 | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
 | Registry Value Name | DisableAIDataAnalysis |
@@ -222,7 +297,7 @@ This policy setting allows you to control whether Image Creator functionality is
 <!-- SetCopilotHardwareKey-OmaUri-End -->
 
 <!-- SetCopilotHardwareKey-Description-Begin -->
-<!-- Description-Source-DDF -->
+<!-- Description-Source-ADMX -->
 This policy setting determines which app opens when the user presses the Copilot key on their keyboard.
 
 - If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings.
@@ -249,7 +324,11 @@ This policy setting determines which app opens when the user presses the Copilot
 | Name | Value |
 |:--|:--|
 | Name | SetCopilotHardwareKey |
-| Path | WindowsCopilot > AT > WindowsComponents > WindowsCopilot |
+| Friendly Name | Set Copilot Hardware Key |
+| Location | User Configuration |
+| Path | Windows Components > Windows Copilot |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\CopilotKey |
+| ADMX File Name | WindowsCopilot.admx |
 <!-- SetCopilotHardwareKey-GpMapping-End -->
 
 <!-- SetCopilotHardwareKey-Examples-Begin -->
@@ -258,12 +337,297 @@ This policy setting determines which app opens when the user presses the Copilot
 
 <!-- SetCopilotHardwareKey-End -->
 
+<!-- SetDenyAppListForRecall-Begin -->
+## SetDenyAppListForRecall
+
+<!-- SetDenyAppListForRecall-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- SetDenyAppListForRecall-Applicability-End -->
+
+<!-- SetDenyAppListForRecall-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyAppListForRecall
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyAppListForRecall
+```
+<!-- SetDenyAppListForRecall-OmaUri-End -->
+
+<!-- SetDenyAppListForRecall-Description-Begin -->
+<!-- Description-Source-ADMX -->
+This policy allows you to define a list of apps that won't be included in snapshots for Recall.
+
+Users are able to add additional applications to exclude from snapshots using Recall settings.
+
+The list can include Application User Model IDs (AUMID) or name of the executable file.
+
+Use a semicolon-separated list of apps to define the deny app list for Recall.
+
+For example: `code.exe;Microsoft.WindowsNotepad_8wekyb3d8bbwe!App;ms-teams.exe`
+
+> [!IMPORTANT]
+> When configuring this policy setting, changes won't take effect until the device restarts.
+<!-- SetDenyAppListForRecall-Description-End -->
+
+<!-- SetDenyAppListForRecall-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- SetDenyAppListForRecall-Editable-End -->
+
+<!-- SetDenyAppListForRecall-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `;`) |
+<!-- SetDenyAppListForRecall-DFProperties-End -->
+
+<!-- SetDenyAppListForRecall-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SetDenyAppListForRecall |
+| Friendly Name | Set a list of apps to be filtered from snapshots for Recall |
+| Location | Computer and User Configuration |
+| Path | Windows Components > Windows AI |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
+| Registry Value Name | SetDenyAppListForRecall |
+| ADMX File Name | WindowsCopilot.admx |
+<!-- SetDenyAppListForRecall-GpMapping-End -->
+
+<!-- SetDenyAppListForRecall-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- SetDenyAppListForRecall-Examples-End -->
+
+<!-- SetDenyAppListForRecall-End -->
+
+<!-- SetDenyUriListForRecall-Begin -->
+## SetDenyUriListForRecall
+
+<!-- SetDenyUriListForRecall-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- SetDenyUriListForRecall-Applicability-End -->
+
+<!-- SetDenyUriListForRecall-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyUriListForRecall
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyUriListForRecall
+```
+<!-- SetDenyUriListForRecall-OmaUri-End -->
+
+<!-- SetDenyUriListForRecall-Description-Begin -->
+<!-- Description-Source-ADMX -->
+This policy setting lets you define a list of URIs that won't be included in snapshots for Recall when a supported browser is used. People within your organization can use Recall settings to add more websites to the list. Define the list using a semicolon to separate URIs.
+
+For example: `https://www.Contoso.com;https://www.WoodgroveBank.com;https://www.Adatum.com`.
+
+Adding `https://www.WoodgroveBank.com` to the list would also filter `https://Account.WoodgroveBank.com` and `https://www.WoodgroveBank.com/Account`.
+
+> [!IMPORTANT]
+> Changes to this policy take effect after device restart.
+<!-- SetDenyUriListForRecall-Description-End -->
+
+<!-- SetDenyUriListForRecall-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- SetDenyUriListForRecall-Editable-End -->
+
+<!-- SetDenyUriListForRecall-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `;`) |
+<!-- SetDenyUriListForRecall-DFProperties-End -->
+
+<!-- SetDenyUriListForRecall-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SetDenyUriListForRecall |
+| Friendly Name | Set a list of URIs to be filtered from snapshots for Recall |
+| Location | Computer and User Configuration |
+| Path | Windows Components > Windows AI |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
+| Registry Value Name | SetDenyUriListForRecall |
+| ADMX File Name | WindowsCopilot.admx |
+<!-- SetDenyUriListForRecall-GpMapping-End -->
+
+<!-- SetDenyUriListForRecall-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- SetDenyUriListForRecall-Examples-End -->
+
+<!-- SetDenyUriListForRecall-End -->
+
+<!-- SetMaximumStorageDurationForRecallSnapshots-Begin -->
+## SetMaximumStorageDurationForRecallSnapshots
+
+<!-- SetMaximumStorageDurationForRecallSnapshots-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- SetMaximumStorageDurationForRecallSnapshots-Applicability-End -->
+
+<!-- SetMaximumStorageDurationForRecallSnapshots-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageDurationForRecallSnapshots
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageDurationForRecallSnapshots
+```
+<!-- SetMaximumStorageDurationForRecallSnapshots-OmaUri-End -->
+
+<!-- SetMaximumStorageDurationForRecallSnapshots-Description-Begin -->
+<!-- Description-Source-ADMX -->
+This policy setting allows you to control the maximum amount of time (in days) that Windows saves snapshots for Recall.
+
+When the policy is enabled, you can configure the maximum storage duration to be 30, 60, 90, or 180 days.
+
+When this policy isn't configured, a time frame isn't set for deleting snapshots.
+
+Snapshots aren't deleted until the maximum storage allocation for Recall is reached, and then the oldest snapshots are deleted first.
+<!-- SetMaximumStorageDurationForRecallSnapshots-Description-End -->
+
+<!-- SetMaximumStorageDurationForRecallSnapshots-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- SetMaximumStorageDurationForRecallSnapshots-Editable-End -->
+
+<!-- SetMaximumStorageDurationForRecallSnapshots-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- SetMaximumStorageDurationForRecallSnapshots-DFProperties-End -->
+
+<!-- SetMaximumStorageDurationForRecallSnapshots-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Let the OS define the maximum amount of time the snapshots will be saved. |
+| 30 | 30 days. |
+| 60 | 60 days. |
+| 90 | 90 days. |
+| 180 | 180 days. |
+<!-- SetMaximumStorageDurationForRecallSnapshots-AllowedValues-End -->
+
+<!-- SetMaximumStorageDurationForRecallSnapshots-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SetMaximumStorageDurationForRecallSnapshots |
+| Friendly Name | Set maximum duration for storing snapshots used by Recall |
+| Location | Computer and User Configuration |
+| Path | Windows Components > Windows AI |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
+| Registry Value Name | SetMaximumStorageDurationForRecallSnapshots |
+| ADMX File Name | WindowsCopilot.admx |
+<!-- SetMaximumStorageDurationForRecallSnapshots-GpMapping-End -->
+
+<!-- SetMaximumStorageDurationForRecallSnapshots-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- SetMaximumStorageDurationForRecallSnapshots-Examples-End -->
+
+<!-- SetMaximumStorageDurationForRecallSnapshots-End -->
+
+<!-- SetMaximumStorageSpaceForRecallSnapshots-Begin -->
+## SetMaximumStorageSpaceForRecallSnapshots
+
+<!-- SetMaximumStorageSpaceForRecallSnapshots-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- SetMaximumStorageSpaceForRecallSnapshots-Applicability-End -->
+
+<!-- SetMaximumStorageSpaceForRecallSnapshots-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageSpaceForRecallSnapshots
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageSpaceForRecallSnapshots
+```
+<!-- SetMaximumStorageSpaceForRecallSnapshots-OmaUri-End -->
+
+<!-- SetMaximumStorageSpaceForRecallSnapshots-Description-Begin -->
+<!-- Description-Source-ADMX -->
+This policy setting allows you to control the maximum amount of disk space that can be used by Windows to save snapshots for Recall.
+
+You can set the maximum amount of disk space for snapshots to be 10, 25, 50, 75, 100, or 150 GB.
+
+When this setting isn't configured, the OS configures the storage allocation for snapshots based on the device storage capacity.
+
+25 GB is allocated when the device storage capacity is 256 GB. 75 GB is allocated when the device storage capacity is 512 GB. 150 GB is allocated when the device storage capacity is 1 TB or higher.
+<!-- SetMaximumStorageSpaceForRecallSnapshots-Description-End -->
+
+<!-- SetMaximumStorageSpaceForRecallSnapshots-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- SetMaximumStorageSpaceForRecallSnapshots-Editable-End -->
+
+<!-- SetMaximumStorageSpaceForRecallSnapshots-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- SetMaximumStorageSpaceForRecallSnapshots-DFProperties-End -->
+
+<!-- SetMaximumStorageSpaceForRecallSnapshots-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Let the OS define the maximum storage amount based on hard drive storage size. |
+| 10000 | 10GB. |
+| 25000 | 25GB. |
+| 50000 | 50GB. |
+| 75000 | 75GB. |
+| 100000 | 100GB. |
+| 150000 | 150GB. |
+<!-- SetMaximumStorageSpaceForRecallSnapshots-AllowedValues-End -->
+
+<!-- SetMaximumStorageSpaceForRecallSnapshots-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SetMaximumStorageSpaceForRecallSnapshots |
+| Friendly Name | Set maximum storage for snapshots used by Recall |
+| Location | Computer and User Configuration |
+| Path | Windows Components > Windows AI |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
+| Registry Value Name | SetMaximumStorageSpaceForRecallSnapshots |
+| ADMX File Name | WindowsCopilot.admx |
+<!-- SetMaximumStorageSpaceForRecallSnapshots-GpMapping-End -->
+
+<!-- SetMaximumStorageSpaceForRecallSnapshots-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- SetMaximumStorageSpaceForRecallSnapshots-Examples-End -->
+
+<!-- SetMaximumStorageSpaceForRecallSnapshots-End -->
+
 <!-- TurnOffWindowsCopilot-Begin -->
 ## TurnOffWindowsCopilot
 
-> [!NOTE]
-> This policy is deprecated and may be removed in a future release.
-
 <!-- TurnOffWindowsCopilot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
@@ -282,7 +646,7 @@ This policy setting allows you to turn off Windows Copilot.
 
 - If you enable this policy setting, users won't be able to use Copilot. The Copilot icon won't appear on the taskbar either.
 
-- If you disable or don't configure this policy setting, users will be able to use Copilot when it's available to them.
+- If you disable or don't configure this policy setting, users are able to use Copilot when it's available to them.
 <!-- TurnOffWindowsCopilot-Description-End -->
 
 <!-- TurnOffWindowsCopilot-Editable-Begin -->
diff --git a/windows/client-management/recall-sensitive-information-filtering.md b/windows/client-management/recall-sensitive-information-filtering.md
new file mode 100644
index 0000000000..e6d8c32969
--- /dev/null
+++ b/windows/client-management/recall-sensitive-information-filtering.md
@@ -0,0 +1,190 @@
+---
+title: Sensitive information filtering in Recall
+description: Learn about the types of potentially sensitive information Recall detects.
+ms.topic: reference
+ms.subservice: windows-copilot
+ms.date: 11/22/2024
+ms.author: mstewart
+author: mestew
+ms.collection:
+  - windows-copilot
+  - magic-ai-copilot
+appliesto:
+- ✅ <a href="https://www.microsoft.com/windows/business/devices/copilot-plus-pcs#copilot-plus-pcs" target="_blank">Copilot+ PCs</a>
+---
+
+
+# Reference for sensitive information filtering in Recall
+
+This article provides information about the types of potentially sensitive information that [Recall](manage-recall.md) detects when the **Sensitive Information Filtering** setting is enabled.
+
+## Types of potentially sensitive information
+
+Types of potentially sensitive information that Recall detects and filters include:
+
+ABA Routing Number </br>
+Argentina National Identity (DNI) Number </br>
+Argentina Unique Tax Identification Key (CUIT/CUIL) </br>
+Australia Bank Account Number </br>
+Australia Drivers License Number </br>
+Australia Tax File Number </br>
+Austria Driver's License Number </br>
+Austria Identity Card </br>
+Austria Social Security Number </br>
+Austria Tax Identification Number </br>
+Austria Value Added Tax </br>
+Azure Document DB Auth Key </br>
+Azure IAAS Database Connection String and Azure SQL Connection String </br>
+Azure IoT Connection String </br>
+Azure Redis Cache Connection String </br>
+Azure SAS </br>
+Azure Secrets (Generic) </br>
+Azure Service Bus Connection String </br>
+Azure Storage Account Key </br>
+Belgium Driver's License Number </br>
+Belgium National Number </br>
+Belgium Value Added Tax Number </br>
+Brazil CPF Number </br>
+Brazil Legal Entity Number (CNPJ) </br>
+Brazil National ID Card (RG) </br>
+Bulgaria Driver's License Number </br>
+Bulgaria Uniform Civil Number </br>
+Canada Bank Account Number </br>
+Canada Driver's License Number </br>
+Canada Social Insurance Number </br>
+Chile Identity Card Number </br>
+China Resident Identity Card (PRC) Number </br>
+Colombia National ID </br>
+Credit Card Number </br>
+Croatia Driver's License Number </br>
+Croatia Identity Card Number </br>
+Croatia Personal Identification (OIB) Number </br>
+Cyprus Driver's License Number </br>
+Cyprus Identity Card </br>
+Cyprus Tax Identification Number </br>
+Czech Driver's License Number </br>
+Czech Personal Identity Number </br>
+DEA Number </br>
+Denmark Driver's License Number </br>
+Denmark Personal Identification Number </br>
+Ecuador Unique Identification Number </br>
+Estonia Driver's License Number </br>
+Estonia Personal Identification Code </br>
+EU Debit Card Number </br>
+EU Driver's License Number </br>
+EU National Id Card </br>
+EU SSN or Equivalent Number </br>
+EU Tax File Number </br>
+Finland Driver's License Number </br>
+Finnish National ID </br>
+France CNI </br>
+France Driver's License Number </br>
+France INSEE </br>
+France Tax Identification Number (numéro SPI.) </br>
+France Value Added Tax Number </br>
+General Password </br>
+German Driver's License Number </br>
+Germany Identity Card Number </br>
+Germany Tax Identification Number </br>
+Germany Value Added Tax Number </br>
+Greece Driver's License Number </br>
+Greece National ID Card </br>
+Greece Social Security Number (AMKA) </br>
+Greek Tax Identification Number </br>
+Hong Kong Identity Card (HKID) number </br>
+Hungarian Social Security Number (TAJ) </br>
+Hungarian Value Added Tax Number </br>
+Hungary Driver's License Number </br>
+Hungary Personal Identification Number </br>
+Hungary Tax Identification Number </br>
+IBAN </br>
+India Driver's License Number </br>
+India GST number </br>
+India Permanent Account Number </br>
+India Unique Identification (Aadhaar) number </br>
+India Voter Id Card </br>
+Indonesia Drivers License Number </br>
+Indonesia Identity Card (KTP) Number </br>
+Ireland Driver's License Number </br>
+Ireland Personal Public Service (PPS) Number </br>
+Israel Bank Account Number </br>
+Israel National ID Number </br>
+Italy Driver's license Number </br>
+Italy Fiscal Code </br>
+Italy Value Added Tax </br>
+Japan Bank Account Number </br>
+Japan Driver's License Number </br>
+Japan Residence Card Number </br>
+Japan Resident Registration Number </br>
+Japan Social Insurance Number </br>
+Japanese My Number – Corporate </br>
+Japanese My Number – Personal </br>
+Latvia Driver's License Number </br>
+Latvia Personal Code </br>
+Lithuania Driver's License Number </br>
+Lithuania Personal Code </br>
+Luxembourg Driver's License Number </br>
+Luxembourg National Identification Number (Natural persons) </br>
+Luxembourg National Identification Number (Non-natural persons) </br>
+Malaysia ID Card Number </br>
+Malta Driver's License Number </br>
+Malta Identity Card Number </br>
+Malta Tax ID Number </br>
+Mexico Unique Population Registry Code (CURP) </br>
+Netherlands Citizen's Service (BSN) Number </br>
+Netherlands Driver's License Number </br>
+Netherlands Tax Identification Number </br>
+Netherlands Value Added Tax Number </br>
+New Zealand Bank Account Number </br>
+New Zealand Driver License Number </br>
+New Zealand Inland Revenue Number </br>
+Newzealand Social Welfare Number </br>
+Norway Identification Number </br>
+Philippines National ID </br>
+Philippines Passport Number </br>
+Philippines Unified Multi-Purpose ID number </br>
+Poland Driver's License Number </br>
+Poland Identity Card </br>
+Poland National ID (PESEL) </br>
+Poland Tax Identification Number </br>
+Polish REGON Number </br>
+Portugal Citizen Card Number </br>
+Portugal Driver's License Number </br>
+Portugal Tax Identification Number </br>
+Qatari ID Card Number </br>
+Romania Driver's License Number </br>
+Romania Personal Numerical Code (CNP) </br>
+Saudi Arabia National ID </br>
+Singapore Driving License Number </br>
+Singapore National Registration Identity Card (NRIC) Number </br>
+Slovakia Driver's License Number </br>
+Slovakia Personal Number </br>
+Slovenia Driver's License Number </br>
+Slovenia Tax Identification Number </br>
+Slovenia Unique Master Citizen Number </br>
+South Africa Identification Number </br>
+South Korea Driver's License Number </br>
+South Korea Resident Registration Number </br>
+Spain DNI </br>
+Spain Driver's License Number </br>
+Spain SSN </br>
+Spain Tax Identification Number </br>
+Sweden Driver's License Number </br>
+Sweden National ID </br>
+Sweden Tax Identification Number </br>
+SWIFT Code </br>
+Swiss SSN AHV Number </br>
+Taiwan Resident Certificate (ARC/TARC) </br>
+Taiwanese National ID </br>
+Thai Citizen ID </br>
+Turkish National Identity </br>
+U.K. Driver's License Number </br>
+U.K. Electoral Number </br>
+U.K. NHS Number </br>
+U.K. NINO </br>
+U.K. Unique Taxpayer Reference Number </br>
+U.S. Bank Account Number </br>
+U.S. Driver's License Number </br>
+U.S. Individual Taxpayer Identification Number (ITIN) </br>
+U.S. Social Security Number </br>
+UAE Identity Card Number </br>
diff --git a/windows/client-management/toc.yml b/windows/client-management/toc.yml
index 4aa913ef53..711bc21aea 100644
--- a/windows/client-management/toc.yml
+++ b/windows/client-management/toc.yml
@@ -51,7 +51,9 @@ items:
               - name: Updated Windows and Microsoft Copilot experience
                 href: manage-windows-copilot.md
               - name: Manage Recall
-                href: manage-recall.md                
+                href: manage-recall.md
+              - name: Reference for sensitive information filtering in Recall
+                href: recall-sensitive-information-filtering.md                                 
               - name: Secured-Core PC Configuration Lock
                 href: config-lock.md
               - name: Certificate renewal
diff --git a/windows/configuration/taskbar/xsd.md b/windows/configuration/taskbar/xsd.md
index 351c262871..da97f38e11 100644
--- a/windows/configuration/taskbar/xsd.md
+++ b/windows/configuration/taskbar/xsd.md
@@ -2,7 +2,7 @@
 title: Windows Taskbar XML Schema Definition (XSD)
 description: Reference article about the Taskbar XML schema definition (XSD).
 ms.topic: reference
-ms.date: 11/07/2024
+ms.date: 11/11/2024
 ---
 
 # Taskbar XML Schema Definition (XSD)
diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md
index 9984fc897b..d91a00bbc2 100644
--- a/windows/deployment/update/optional-content.md
+++ b/windows/deployment/update/optional-content.md
@@ -70,9 +70,9 @@ Most commercial organizations understand the pain points outlined above, and dis
 
 Windows Update for Business solves the optional content problem. Optional content is published and available for acquisition by Windows Setup from a nearby Microsoft content delivery network and acquired using the Unified Update Platform. Optional content migration and acquisition scenarios just work when the device is connected to an update service that uses the Unified Update Platform, such as Windows Update or Windows Update for Business. If for some reason a language pack fails to install during the update, the update will automatically roll back.
 
-The [Unified Update Platform](https://blogs.windows.com/windowsexperience/2016/11/03/introducing-unified-update-platform-uup/) is an improvement in the underlying Windows update technology that results in smaller download sizes and a more efficient protocol for checking for updates, acquiring and installing the packages needed, and getting current in one update step. The technology is *unified* because it brings together the update stack for Windows client, Windows Server, and other products, such as HoloLens.
+The [Unified Update Platform](https://blogs.windows.com/windows-insider/2016/11/03/introducing-unified-update-platform-uup/) is an improvement in the underlying Windows update technology that results in smaller download sizes and a more efficient protocol for checking for updates, acquiring and installing the packages needed, and getting current in one update step. The technology is *unified* because it brings together the update stack for Windows client, Windows Server, and other products, such as HoloLens.
 
-Consider moving to Windows Update for Business. Not only will the optional content scenario work seamlessly (as it does for consumer devices today), but you also get the full benefits of smaller download sizes. Further, devices are immune to the challenge of upgrading Windows when the operating system installation language is inadvertently changed to a new language. Otherwise, any future media-based feature updates can fail when the installation media has a different installation language. For more information about this issue, see [Upgrading Windows 10 devices with installation media different than the original OS install language](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/upgrading-windows-10-devices-with-installation-media-different/ba-p/746126) and the [Ignite 2019 theater session THR4002](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR4002).
+Consider moving to Windows Update for Business. Not only will the optional content scenario work seamlessly (as it does for consumer devices today), but you also get the full benefits of smaller download sizes. Further, devices are immune to the challenge of upgrading Windows when the operating system installation language is inadvertently changed to a new language. Otherwise, any future media-based feature updates can fail when the installation media has a different installation language. For more information about this issue, see [Upgrading Windows 10 devices with installation media different than the original OS install language](https://techcommunity.microsoft.com/blog/windows-itpro-blog/upgrading-windows-10-devices-with-installation-media-different-than-the-original/746126).
 
 
 ### Option 2: Use WSUS with UUP Integration
@@ -115,7 +115,7 @@ You can customize the Windows image in these ways:
 - Adding or removing languages
 - Adding or removing Features on Demand
 
-The benefit of this option is that the Windows image can include those additional languages, language experience features, and other Features on Demand through one-time updates to the image. Then you can use them in an existing task sequence or custom deployment where `Setup.exe` is involved. The downside of this approach is that it requires some preparation of the image in advance, including scripting with DISM to install the additional packages. It also means the image is the same for all devices that consume it and might contain more features than some users need. For more information on customizing your media, see [Updating Windows 10 media with Dynamic Update packages](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/updating-windows-10-media-with-dynamic-update-packages/ba-p/982477) and the [Ignite 2019 theater session THR3073](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR3073). Also like Dynamic Update, you still have a solution for migration of optional content, but not supporting user-initiated optional content acquisition. Also, there's a variation of this option in which media is updated *on the device* just before installation. This option allows for device-specific image customization based on what's currently installed.
+The benefit of this option is that the Windows image can include those additional languages, language experience features, and other Features on Demand through one-time updates to the image. Then you can use them in an existing task sequence or custom deployment where `Setup.exe` is involved. The downside of this approach is that it requires some preparation of the image in advance, including scripting with DISM to install the additional packages. It also means the image is the same for all devices that consume it and might contain more features than some users need. For more information on customizing your media, see [Updating Windows 10 media with Dynamic Update packages](https://techcommunity.microsoft.com/blog/windows-itpro-blog/updating-windows-10-media-with-dynamic-update-packages/982477). Also like Dynamic Update, you still have a solution for migration of optional content, but not supporting user-initiated optional content acquisition. Also, there's a variation of this option in which media is updated *on the device* just before installation. This option allows for device-specific image customization based on what's currently installed.
 
 
 ### Option 5: Install language features during deployment
@@ -151,11 +151,9 @@ For more information about the Unified Update Platform and the approaches outlin
 - [/DynamicUpdate](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#dynamicupdate)
 - [Configure a Windows Repair Source](/windows-hardware/manufacture/desktop/configure-a-windows-repair-source)
 - [Run custom actions during feature update](/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions)
-- [Unified Update Platform](https://blogs.windows.com/windowsexperience/2016/11/03/introducing-unified-update-platform-uup/)
+- [Unified Update Platform](https://blogs.windows.com/windows-insider/2016/11/03/introducing-unified-update-platform-uup/)
 - [Updating Windows installation media with Dynamic Update packages](media-dynamic-update.md)
-- [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) 
-- [Ignite 2019 theater session THR3073](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR3073)  
-- [Ignite 2019 theater session THR4002](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR4002)
+- [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview)
 
 ## Sample scripts
 
diff --git a/windows/security/book/application-security-application-and-driver-control.md b/windows/security/book/application-security-application-and-driver-control.md
index 6435037d78..9efc2c0f96 100644
--- a/windows/security/book/application-security-application-and-driver-control.md
+++ b/windows/security/book/application-security-application-and-driver-control.md
@@ -1,6 +1,6 @@
 ---
-title: Application and driver control
-description: Windows 11 security book - Application and driver control.
+title: Windows 11 security book - Application and driver control
+description: Application and driver control.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/application-security-application-isolation.md b/windows/security/book/application-security-application-isolation.md
index 6bc9c40284..67465c5c5e 100644
--- a/windows/security/book/application-security-application-isolation.md
+++ b/windows/security/book/application-security-application-isolation.md
@@ -1,6 +1,6 @@
 ---
-title: Application isolation
-description: Windows 11 security book - Application isolation.
+title: Windows 11 security book - Application isolation
+description: Application isolation.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
@@ -29,9 +29,9 @@ The first factor relates to implementing methods to manage access to files and p
 
 [!INCLUDE [learn-more](includes/learn-more.md)]
 
-- [Win32 app isolation][LINK-4]
+- [Win32 app isolation overview][LINK-4]
 - [Application Capability Profiler (ACP)][LINK-5]
-- [Learn how to adopt Win32 app isolation with Visual Studio][LINK-6]
+- [Packaging a Win32 app isolation application with Visual Studio][LINK-6]
 - [Sandboxing Python with Win32 app isolation][LINK-7]
 
 ## App containers
@@ -86,9 +86,9 @@ A **Virtualization-based security enclave** is a software-based trusted executio
 
 [LINK-1]: /windows/win32/secauthz/implementing-an-appcontainer
 [LINK-2]: /windows/win32/secauthz/access-control-lists
-[LINK-4]: https://github.com/microsoft/win32-app-isolation
-[LINK-5]: https://github.com/microsoft/win32-app-isolation/blob/main/docs/profiler/application-capability-profiler.md
-[LINK-6]: https://github.com/microsoft/win32-app-isolation/blob/main/docs/packaging/packaging-with-visual-studio.md
+[LINK-4]: /windows/win32/secauthz/app-isolation-overview
+[LINK-5]: /windows/win32/secauthz/app-isolation-capability-profiler
+[LINK-6]: /windows/win32/secauthz/app-isolation-packaging-with-vs
 [LINK-7]: https://blogs.windows.com/windowsdeveloper/2024/03/06/sandboxing-python-with-win32-app-isolation/
 [LINK-8]: /windows/apps/windows-app-sdk/migrate-to-windows-app-sdk/feature-mapping-table?source=recommendations
 [LINK-9]: /windows/security/threat-protection/windows-sandbox/windows-sandbox-overview
diff --git a/windows/security/book/application-security.md b/windows/security/book/application-security.md
index 450a054437..da054a7d5d 100644
--- a/windows/security/book/application-security.md
+++ b/windows/security/book/application-security.md
@@ -1,6 +1,6 @@
 ---
-title: Application security
-description: Windows 11 security book - Application security chapter.
+title: Windows 11 security book - Application security
+description: Application security chapter.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/cloud-services-protect-your-personal-information.md b/windows/security/book/cloud-services-protect-your-personal-information.md
index 855a3e1e34..36707a697b 100644
--- a/windows/security/book/cloud-services-protect-your-personal-information.md
+++ b/windows/security/book/cloud-services-protect-your-personal-information.md
@@ -1,6 +1,6 @@
 ---
-title: Cloud services - Protect your personal information
-description: Windows 11 security book - Cloud services chapter - Protect your personal information.
+title: Windows 11 security book - Cloud services - Protect your personal information
+description: Cloud services chapter - Protect your personal information.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/cloud-services-protect-your-work-information.md b/windows/security/book/cloud-services-protect-your-work-information.md
index c695db60bd..033200a8f1 100644
--- a/windows/security/book/cloud-services-protect-your-work-information.md
+++ b/windows/security/book/cloud-services-protect-your-work-information.md
@@ -1,6 +1,6 @@
 ---
-title: Cloud services - Protect your work information
-description: Windows 11 security book - Cloud services chapter - Protect your work information.
+title: Windows 11 security book - Cloud services - Protect your work information
+description: Cloud services chapter - Protect your work information.
 ms.topic: overview
 ms.date: 11/04/2024
 ---
@@ -49,7 +49,7 @@ Every Windows device has a built-in local administrator account that must be sec
 - [Microsoft Entra ID documentation][LINK-1]
 - [Microsoft Entra plans and pricing][LINK-2]
 
-### :::image type="icon" source="images/microsoft-entra-private-access.svg" border="false":::  Microsoft Entra Private Access
+### Microsoft Entra Private Access
 
 Microsoft Entra Private Access provides organizations the ability to manage and give users access to private or internal fully qualified domain names (FQDNs) and IP addresses. With Private Access, you can modernize how your organization's users access private apps and resources. Remote workers don't need to use a VPN to access these resources if they have the Global Secure Access Client installed. The client quietly and seamlessly connects them to the resources they need.
 
@@ -57,7 +57,7 @@ Microsoft Entra Private Access provides organizations the ability to manage and
 
 - [Microsoft Entra Private Access][LINK-4]
 
-### :::image type="icon" source="images/microsoft-entra-internet-access.svg" border="false":::  Microsoft Entra Internet Access
+### Microsoft Entra Internet Access
 
 Microsoft Entra Internet Access provides an identity-centric Secure Web Gateway (SWG) solution for Software as a Service (SaaS) applications and other Internet traffic. It protects users, devices, and data from the Internet's wide threat landscape with best-in-class security controls and visibility through Traffic Logs.
 
@@ -168,7 +168,7 @@ With Windows enrollment attestation, Microsoft Entra and Microsoft Intune certif
 
 - [Windows enrollment attestation][LINK-13]
 
-### :::image type="icon" source="images/microsoft-cloud-pki.svg" border="false"::: Microsoft Cloud PKI
+### Microsoft Cloud PKI
 
 Microsoft Cloud PKI is a cloud-based service included in the Microsoft Intune Suite<sup>[\[4\]](conclusion.md#footnote4)</sup> that simplifies and automates the management of a Public Key Infrastructure (PKI) for organizations. It eliminates the need for on-premises servers, hardware, and connectors, making it easier to set up and manage a PKI compared to, for instance, Microsoft Active Directory Certificate Services (AD CS) combined with the Certificate Connector for Microsoft Intune.
 
@@ -185,7 +185,7 @@ With Microsoft Cloud PKI, organizations can accelerate their digital transformat
 
 - [Overview of Microsoft Cloud PKI for Microsoft Intune](/mem/intune/protect/microsoft-cloud-pki-overview)
 
-### :::image type="icon" source="images/endpoint-privilege-management.svg" border="false"::: Endpoint Privilege Management (EPM)
+### Endpoint Privilege Management (EPM)
 
 Intune Endpoint Privilege Management supports organizations' Zero Trust journeys by helping them achieve a broad user base running with least privilege, while still permitting users to run elevated tasks allowed by the organization to remain productive.
 
diff --git a/windows/security/book/cloud-services.md b/windows/security/book/cloud-services.md
index 4b525daacc..cd8be85df1 100644
--- a/windows/security/book/cloud-services.md
+++ b/windows/security/book/cloud-services.md
@@ -1,6 +1,6 @@
 ---
-title: Cloud services
-description: Windows 11 security book - Cloud services chapter.
+title: Windows 11 security book - Cloud services
+description: Cloud services chapter.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/conclusion.md b/windows/security/book/conclusion.md
index 47c50c6916..7a9d69992d 100644
--- a/windows/security/book/conclusion.md
+++ b/windows/security/book/conclusion.md
@@ -1,5 +1,5 @@
 ---
-title: Conclusion
+title: Windows 11 security book - Conclusion
 description: Windows 11 security book conclusion.
 ms.topic: overview
 ms.date: 11/18/2024
diff --git a/windows/security/book/features-index.md b/windows/security/book/features-index.md
index 478367613e..09081404bf 100644
--- a/windows/security/book/features-index.md
+++ b/windows/security/book/features-index.md
@@ -1,5 +1,5 @@
 ---
-title: Features index
+title: Windows 11 security book - Features index
 description: Windows security book features index.
 ms.topic: overview
 ms.date: 11/18/2024
@@ -7,4 +7,4 @@ ms.date: 11/18/2024
 
 # Features index
 
-[5G and eSIM](operating-system-security-network-security.md#5g-and-esim)<br>[Access management and control](identity-protection-advanced-credential-protection.md#access-management-and-control)<br>[Account lockout policies](identity-protection-advanced-credential-protection.md#account-lockout-policies)<br>[Administrator protection](application-security-application-and-driver-control.md#-administrator-protection)<br>[App containers](application-security-application-isolation.md#app-containers)<br>[App Control for Business](application-security-application-and-driver-control.md#app-control-for-business)<br>[Attack surface reduction rules](operating-system-security-virus-and-threat-protection.md#attack-surface-reduction-rules)<br>[Azure Attestation service](cloud-services-protect-your-work-information.md#-azure-attestation-service)<br>[BitLocker To Go](operating-system-security-encryption-and-data-protection.md#bitlocker-to-go)<br>[BitLocker](operating-system-security-encryption-and-data-protection.md#bitlocker)<br>[Bluetooth protection](operating-system-security-network-security.md#bluetooth-protection)<br>[Certificates](operating-system-security-system-security.md#certificates)<br>[Cloud-native device management](cloud-services-protect-your-work-information.md#cloud-native-device-management)<br>[Code signing and integrity](operating-system-security-system-security.md#code-signing-and-integrity)<br>[Common Criteria (CC)](security-foundation-certification.md#common-criteria-cc)<br>[Config Refresh](operating-system-security-system-security.md#-config-refresh)<br>[Controlled folder access](operating-system-security-virus-and-threat-protection.md#controlled-folder-access)<br>[Credential Guard](identity-protection-advanced-credential-protection.md#credential-guard)<br>[Cryptography](operating-system-security-system-security.md#cryptography)<br>[Device Encryption](operating-system-security-encryption-and-data-protection.md#device-encryption)<br>[Device Health Attestation](operating-system-security-system-security.md#device-health-attestation)<br>[Domain Name System (DNS) security](operating-system-security-network-security.md#domain-name-system-dns-security)<br>[Email encryption](operating-system-security-encryption-and-data-protection.md#email-encryption)<br>[Encrypted hard drive](operating-system-security-encryption-and-data-protection.md#encrypted-hard-drive)<br>[Enhanced phishing protection in Microsoft Defender SmartScreen](identity-protection-passwordless-sign-in.md#enhanced-phishing-protection-in-microsoft-defender-smartscreen)<br>[Enhanced Sign-in Security (ESS)](identity-protection-passwordless-sign-in.md#enhanced-sign-in-security-ess)<br>[Exploit Protection](operating-system-security-virus-and-threat-protection.md#exploit-protection)<br>[Federal Information Processing Standard (FIPS)](security-foundation-certification.md#federal-information-processing-standard-fips)<br>[Federated sign-in](identity-protection-passwordless-sign-in.md#federated-sign-in)<br>[FIDO2](identity-protection-passwordless-sign-in.md#fido2)<br>[Find my device](cloud-services-protect-your-personal-information.md#find-my-device)<br>[Kernel direct memory access (DMA) protection](hardware-security-silicon-assisted-security.md#kernel-direct-memory-access-dma-protection)<br>[Kiosk mode](operating-system-security-system-security.md#kiosk-mode)<br>[Local Security Authority (LSA) protection](identity-protection-advanced-credential-protection.md#local-security-authority-lsa-protection)<br>[Microsoft account](cloud-services-protect-your-personal-information.md#microsoft-account)<br>[Microsoft Authenticator](identity-protection-passwordless-sign-in.md#microsoft-authenticator)<br>[Microsoft Cloud PKI](cloud-services-protect-your-work-information.md#-microsoft-cloud-pki)<br>[Microsoft Defender Antivirus](operating-system-security-virus-and-threat-protection.md#microsoft-defender-antivirus)<br>[Microsoft Defender for Endpoint](cloud-services-protect-your-work-information.md#-microsoft-defender-for-endpoint)<br>[Microsoft Defender SmartScreen](operating-system-security-virus-and-threat-protection.md#microsoft-defender-smartscreen)<br>[Microsoft Entra ID](cloud-services-protect-your-work-information.md#-microsoft-entra-id)<br>[Microsoft Intune](cloud-services-protect-your-work-information.md#-microsoft-intune)<br>[Microsoft Offensive Research and Security Engineering](security-foundation-offensive-research.md#microsoft-offensive-research-and-security-engineering)<br>[Microsoft Pluton security processor](hardware-security-hardware-root-of-trust.md#microsoft-pluton-security-processor)<br>[Microsoft Privacy Dashboard](privacy-controls.md#microsoft-privacy-dashboard)<br>[Microsoft Security Development Lifecycle (SDL)](security-foundation-offensive-research.md#microsoft-security-development-lifecycle-sdl)<br>[Microsoft vulnerable driver blocklist](application-security-application-and-driver-control.md#microsoft-vulnerable-driver-blocklist)<br>[Network protection](operating-system-security-virus-and-threat-protection.md#network-protection)<br>[OneDrive for personal](cloud-services-protect-your-personal-information.md#onedrive-for-personal)<br>[OneDrive for work or school](cloud-services-protect-your-work-information.md#-onedrive-for-work-or-school)<br>[OneFuzz service](security-foundation-offensive-research.md#onefuzz-service)<br>[Personal Data Encryption](operating-system-security-encryption-and-data-protection.md#personal-data-encryption)<br>[Personal Vault](cloud-services-protect-your-personal-information.md#personal-vault)<br>[Privacy resource usage](privacy-controls.md#privacy-resource-usage)<br>[Privacy transparency and controls](privacy-controls.md#privacy-transparency-and-controls)<br>[Remote Credential Guard](identity-protection-advanced-credential-protection.md#remote-credential-guard)<br>[Remote Wipe](cloud-services-protect-your-work-information.md#remote-wipe)<br>[Rust for Windows](operating-system-security-system-security.md#-rust-for-windows)<br>[Secure Future Initiative (SFI)](security-foundation-offensive-research.md#secure-future-initiative-sfi)<br>[Secured kernel](hardware-security-silicon-assisted-security.md#secured-kernel)<br>[Secured-core PC and Edge Secured-Core](hardware-security-silicon-assisted-security.md#secured-core-pc-and-edge-secured-core)<br>[Security baselines](cloud-services-protect-your-work-information.md#security-baselines)<br>[Server Message Block file services](operating-system-security-network-security.md#server-message-block-file-services)<br>[Smart App Control](application-security-application-and-driver-control.md#smart-app-control)<br>[Smart cards](identity-protection-passwordless-sign-in.md#smart-cards)<br>[Software bill of materials (SBOM)](security-foundation-secure-supply-chain.md#software-bill-of-materials-sbom)<br>[Tamper protection](operating-system-security-virus-and-threat-protection.md#tamper-protection)<br>[Token protection (preview)](identity-protection-advanced-credential-protection.md#token-protection-preview)<br>[Transport Layer Security (TLS)](operating-system-security-network-security.md#transport-layer-security-tls)<br>[Trusted Boot (Secure Boot + Measured Boot)](operating-system-security-system-security.md#trusted-boot-secure-boot--measured-boot)<br>[Trusted Platform Module (TPM)](hardware-security-hardware-root-of-trust.md#trusted-platform-module-tpm)<br>[Trusted Signing](application-security-application-and-driver-control.md#-trusted-signing)<br>[Universal Print](cloud-services-protect-your-work-information.md#-universal-print)<br>[VBS key protection](identity-protection-advanced-credential-protection.md#-vbs-key-protection)<br>[Virtual private networks (VPN)](operating-system-security-network-security.md#virtual-private-networks-vpn)<br>[Virtualization-based security enclaves](application-security-application-isolation.md#-virtualization-based-security-enclaves)<br>[Web sign-in](identity-protection-passwordless-sign-in.md#web-sign-in)<br>[Wi-Fi connections](operating-system-security-network-security.md#wi-fi-connections)<br>[Win32 app isolation](application-security-application-isolation.md#-win32-app-isolation)<br>[Windows Autopatch](cloud-services-protect-your-work-information.md#windows-autopatch)<br>[Windows Autopilot](cloud-services-protect-your-work-information.md#windows-autopilot)<br>[Windows diagnostic data processor configuration](privacy-controls.md#windows-diagnostic-data-processor-configuration)<br>[Windows enrollment attestation](cloud-services-protect-your-work-information.md#windows-enrollment-attestation)<br>[Windows Firewall](operating-system-security-network-security.md#windows-firewall)<br>[Windows Hello for Business](identity-protection-passwordless-sign-in.md#windows-hello-for-business)<br>[Windows Hello](identity-protection-passwordless-sign-in.md#windows-hello)<br>[Windows Hotpatch](cloud-services-protect-your-work-information.md#-windows-hotpatch)<br>[Windows Insider and Microsoft Bug Bounty Programs](security-foundation-offensive-research.md#windows-insider-and-microsoft-bug-bounty-programs)<br>[Windows Local Administrator Password Solution (LAPS)](cloud-services-protect-your-work-information.md#windows-local-administrator-password-solution-laps)<br>[Windows presence sensing](identity-protection-passwordless-sign-in.md#windows-presence-sensing)<br>[Windows protected print](operating-system-security-system-security.md#-windows-protected-print)<br>[Windows Sandbox](application-security-application-isolation.md#windows-sandbox)<br>[Windows security policy settings and auditing](operating-system-security-system-security.md#windows-security-policy-settings-and-auditing)<br>[Windows Security](operating-system-security-system-security.md#windows-security)<br>[Windows Software Development Kit (SDK)](security-foundation-secure-supply-chain.md#windows-software-development-kit-sdk)<br>[Windows Subsystem for Linux (WSL)](application-security-application-isolation.md#windows-subsystem-for-linux-wsl)<br>[Windows Update for Business](cloud-services-protect-your-work-information.md#windows-update-for-business)
\ No newline at end of file
+[5G and eSIM](operating-system-security-network-security.md#5g-and-esim)<br>[Access management and control](identity-protection-advanced-credential-protection.md#access-management-and-control)<br>[Account lockout policies](identity-protection-advanced-credential-protection.md#account-lockout-policies)<br>[Administrator protection](application-security-application-and-driver-control.md#-administrator-protection)<br>[App containers](application-security-application-isolation.md#app-containers)<br>[App Control for Business](application-security-application-and-driver-control.md#app-control-for-business)<br>[Attack surface reduction rules](operating-system-security-virus-and-threat-protection.md#attack-surface-reduction-rules)<br>[Azure Attestation service](cloud-services-protect-your-work-information.md#-azure-attestation-service)<br>[BitLocker To Go](operating-system-security-encryption-and-data-protection.md#bitlocker-to-go)<br>[BitLocker](operating-system-security-encryption-and-data-protection.md#bitlocker)<br>[Bluetooth protection](operating-system-security-network-security.md#bluetooth-protection)<br>[Certificates](operating-system-security-system-security.md#certificates)<br>[Cloud-native device management](cloud-services-protect-your-work-information.md#cloud-native-device-management)<br>[Code signing and integrity](operating-system-security-system-security.md#code-signing-and-integrity)<br>[Common Criteria (CC)](security-foundation-certification.md#common-criteria-cc)<br>[Config Refresh](operating-system-security-system-security.md#-config-refresh)<br>[Controlled folder access](operating-system-security-virus-and-threat-protection.md#controlled-folder-access)<br>[Credential Guard](identity-protection-advanced-credential-protection.md#credential-guard)<br>[Cryptography](operating-system-security-system-security.md#cryptography)<br>[Device Encryption](operating-system-security-encryption-and-data-protection.md#device-encryption)<br>[Device Health Attestation](operating-system-security-system-security.md#device-health-attestation)<br>[Domain Name System (DNS) security](operating-system-security-network-security.md#domain-name-system-dns-security)<br>[Email encryption](operating-system-security-encryption-and-data-protection.md#email-encryption)<br>[Encrypted hard drive](operating-system-security-encryption-and-data-protection.md#encrypted-hard-drive)<br>[Enhanced phishing protection in Microsoft Defender SmartScreen](identity-protection-passwordless-sign-in.md#enhanced-phishing-protection-in-microsoft-defender-smartscreen)<br>[Enhanced Sign-in Security (ESS)](identity-protection-passwordless-sign-in.md#enhanced-sign-in-security-ess)<br>[Exploit Protection](operating-system-security-virus-and-threat-protection.md#exploit-protection)<br>[Federal Information Processing Standard (FIPS)](security-foundation-certification.md#federal-information-processing-standard-fips)<br>[Federated sign-in](identity-protection-passwordless-sign-in.md#federated-sign-in)<br>[FIDO2](identity-protection-passwordless-sign-in.md#fido2)<br>[Find my device](cloud-services-protect-your-personal-information.md#find-my-device)<br>[Kernel direct memory access (DMA) protection](hardware-security-silicon-assisted-security.md#kernel-direct-memory-access-dma-protection)<br>[Kiosk mode](operating-system-security-system-security.md#kiosk-mode)<br>[Local Security Authority (LSA) protection](identity-protection-advanced-credential-protection.md#local-security-authority-lsa-protection)<br>[Microsoft account](cloud-services-protect-your-personal-information.md#microsoft-account)<br>[Microsoft Authenticator](identity-protection-passwordless-sign-in.md#microsoft-authenticator)<br>[Microsoft Cloud PKI](cloud-services-protect-your-work-information.md#microsoft-cloud-pki)<br>[Microsoft Defender Antivirus](operating-system-security-virus-and-threat-protection.md#microsoft-defender-antivirus)<br>[Microsoft Defender for Endpoint](cloud-services-protect-your-work-information.md#-microsoft-defender-for-endpoint)<br>[Microsoft Defender SmartScreen](operating-system-security-virus-and-threat-protection.md#microsoft-defender-smartscreen)<br>[Microsoft Entra ID](cloud-services-protect-your-work-information.md#-microsoft-entra-id)<br>[Microsoft Intune](cloud-services-protect-your-work-information.md#-microsoft-intune)<br>[Microsoft Offensive Research and Security Engineering](security-foundation-offensive-research.md#microsoft-offensive-research-and-security-engineering)<br>[Microsoft Pluton security processor](hardware-security-hardware-root-of-trust.md#microsoft-pluton-security-processor)<br>[Microsoft Privacy Dashboard](privacy-controls.md#microsoft-privacy-dashboard)<br>[Microsoft Security Development Lifecycle (SDL)](security-foundation-offensive-research.md#microsoft-security-development-lifecycle-sdl)<br>[Microsoft vulnerable driver blocklist](application-security-application-and-driver-control.md#microsoft-vulnerable-driver-blocklist)<br>[Network protection](operating-system-security-virus-and-threat-protection.md#network-protection)<br>[OneDrive for personal](cloud-services-protect-your-personal-information.md#onedrive-for-personal)<br>[OneDrive for work or school](cloud-services-protect-your-work-information.md#-onedrive-for-work-or-school)<br>[OneFuzz service](security-foundation-offensive-research.md#onefuzz-service)<br>[Personal Data Encryption](operating-system-security-encryption-and-data-protection.md#personal-data-encryption)<br>[Personal Vault](cloud-services-protect-your-personal-information.md#personal-vault)<br>[Privacy resource usage](privacy-controls.md#privacy-resource-usage)<br>[Privacy transparency and controls](privacy-controls.md#privacy-transparency-and-controls)<br>[Remote Credential Guard](identity-protection-advanced-credential-protection.md#remote-credential-guard)<br>[Remote Wipe](cloud-services-protect-your-work-information.md#remote-wipe)<br>[Rust for Windows](operating-system-security-system-security.md#-rust-for-windows)<br>[Secure Future Initiative (SFI)](security-foundation-offensive-research.md#secure-future-initiative-sfi)<br>[Secured kernel](hardware-security-silicon-assisted-security.md#secured-kernel)<br>[Secured-core PC and Edge Secured-Core](hardware-security-silicon-assisted-security.md#secured-core-pc-and-edge-secured-core)<br>[Security baselines](cloud-services-protect-your-work-information.md#security-baselines)<br>[Server Message Block file services](operating-system-security-network-security.md#server-message-block-file-services)<br>[Smart App Control](application-security-application-and-driver-control.md#smart-app-control)<br>[Smart cards](identity-protection-passwordless-sign-in.md#smart-cards)<br>[Software bill of materials (SBOM)](security-foundation-secure-supply-chain.md#software-bill-of-materials-sbom)<br>[Tamper protection](operating-system-security-virus-and-threat-protection.md#tamper-protection)<br>[Token protection (preview)](identity-protection-advanced-credential-protection.md#token-protection-preview)<br>[Transport Layer Security (TLS)](operating-system-security-network-security.md#transport-layer-security-tls)<br>[Trusted Boot (Secure Boot + Measured Boot)](operating-system-security-system-security.md#trusted-boot-secure-boot--measured-boot)<br>[Trusted Platform Module (TPM)](hardware-security-hardware-root-of-trust.md#trusted-platform-module-tpm)<br>[Trusted Signing](application-security-application-and-driver-control.md#-trusted-signing)<br>[Universal Print](cloud-services-protect-your-work-information.md#-universal-print)<br>[VBS key protection](identity-protection-advanced-credential-protection.md#-vbs-key-protection)<br>[Virtual private networks (VPN)](operating-system-security-network-security.md#virtual-private-networks-vpn)<br>[Virtualization-based security enclaves](application-security-application-isolation.md#-virtualization-based-security-enclaves)<br>[Web sign-in](identity-protection-passwordless-sign-in.md#web-sign-in)<br>[Wi-Fi connections](operating-system-security-network-security.md#wi-fi-connections)<br>[Win32 app isolation](application-security-application-isolation.md#-win32-app-isolation)<br>[Windows Autopatch](cloud-services-protect-your-work-information.md#windows-autopatch)<br>[Windows Autopilot](cloud-services-protect-your-work-information.md#windows-autopilot)<br>[Windows diagnostic data processor configuration](privacy-controls.md#windows-diagnostic-data-processor-configuration)<br>[Windows enrollment attestation](cloud-services-protect-your-work-information.md#windows-enrollment-attestation)<br>[Windows Firewall](operating-system-security-network-security.md#windows-firewall)<br>[Windows Hello for Business](identity-protection-passwordless-sign-in.md#windows-hello-for-business)<br>[Windows Hello](identity-protection-passwordless-sign-in.md#windows-hello)<br>[Windows Hotpatch](cloud-services-protect-your-work-information.md#-windows-hotpatch)<br>[Windows Insider and Microsoft Bug Bounty Programs](security-foundation-offensive-research.md#windows-insider-and-microsoft-bug-bounty-programs)<br>[Windows Local Administrator Password Solution (LAPS)](cloud-services-protect-your-work-information.md#windows-local-administrator-password-solution-laps)<br>[Windows presence sensing](identity-protection-passwordless-sign-in.md#windows-presence-sensing)<br>[Windows protected print](operating-system-security-system-security.md#-windows-protected-print)<br>[Windows Sandbox](application-security-application-isolation.md#windows-sandbox)<br>[Windows security policy settings and auditing](operating-system-security-system-security.md#windows-security-policy-settings-and-auditing)<br>[Windows Security](operating-system-security-system-security.md#windows-security)<br>[Windows Software Development Kit (SDK)](security-foundation-secure-supply-chain.md#windows-software-development-kit-sdk)<br>[Windows Subsystem for Linux (WSL)](application-security-application-isolation.md#windows-subsystem-for-linux-wsl)<br>[Windows Update for Business](cloud-services-protect-your-work-information.md#windows-update-for-business)
\ No newline at end of file
diff --git a/windows/security/book/hardware-security-hardware-root-of-trust.md b/windows/security/book/hardware-security-hardware-root-of-trust.md
index fb31256cfc..1b2345a22b 100644
--- a/windows/security/book/hardware-security-hardware-root-of-trust.md
+++ b/windows/security/book/hardware-security-hardware-root-of-trust.md
@@ -1,6 +1,6 @@
 ---
-title: Hardware root-of-trust
-description: Windows 11 security book - Hardware root-of-trust.
+title: Windows 11 security book - Hardware root-of-trust
+description: Hardware root-of-trust.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/hardware-security-silicon-assisted-security.md b/windows/security/book/hardware-security-silicon-assisted-security.md
index 40d2e4935b..da7cf92de1 100644
--- a/windows/security/book/hardware-security-silicon-assisted-security.md
+++ b/windows/security/book/hardware-security-silicon-assisted-security.md
@@ -1,6 +1,6 @@
 ---
-title: Silicon assisted security
-description: Windows 11 security book - Silicon assisted security.
+title: Windows 11 security book - Silicon assisted security
+description: Silicon assisted security.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/hardware-security.md b/windows/security/book/hardware-security.md
index f9acd73d1e..7d1f8669b1 100644
--- a/windows/security/book/hardware-security.md
+++ b/windows/security/book/hardware-security.md
@@ -1,6 +1,6 @@
 ---
-title: Hardware security
-description: Windows 11 security book - Hardware security chapter.
+title: Windows 11 security book - Hardware security
+description: Hardware security chapter.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/identity-protection-advanced-credential-protection.md b/windows/security/book/identity-protection-advanced-credential-protection.md
index 7194409637..0e35e41bc8 100644
--- a/windows/security/book/identity-protection-advanced-credential-protection.md
+++ b/windows/security/book/identity-protection-advanced-credential-protection.md
@@ -1,6 +1,6 @@
 ---
-title: Identity protection - Advanced credential protection
-description: Windows 11 security book - Identity protection chapter.
+title: Windows 11 security book - Advanced credential protection
+description: Identity protection chapter - Advanced credential protection.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/identity-protection-passwordless-sign-in.md b/windows/security/book/identity-protection-passwordless-sign-in.md
index a8a6104572..5187c49058 100644
--- a/windows/security/book/identity-protection-passwordless-sign-in.md
+++ b/windows/security/book/identity-protection-passwordless-sign-in.md
@@ -1,6 +1,6 @@
 ---
-title: Identity protection - Passwordless sign-in
-description: Windows 11 security book - Identity protection chapter.
+title: Windows 11 security book - Passwordless sign-in
+description: Identity protection chapter - Passwordless sign-in.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/identity-protection.md b/windows/security/book/identity-protection.md
index 03248b2db3..41d1b6bca6 100644
--- a/windows/security/book/identity-protection.md
+++ b/windows/security/book/identity-protection.md
@@ -1,6 +1,6 @@
 ---
-title: Identity protection
-description: Windows 11 security book - Identity protection chapter.
+title: Windows 11 security book - Identity protection
+description: Identity protection chapter.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
@@ -9,7 +9,7 @@ ms.date: 11/18/2024
 
 :::image type="content" source="images/identity-protection-cover.png" alt-text="Cover of the identity protection chapter." border="false":::
 
-Employes are increasingly targets for cyberattacks in organizations, making identity protection a priority. Weak or reused passwords, password spraying, social engineering, and phishing are just a few of the risks businesses face today. 
+Employes are increasingly targets for cyberattacks in organizations, making identity protection a priority. Weak or reused passwords, password spraying, social engineering, and phishing are just a few of the risks businesses face today.
 
 Identity protection in Windows 11 continuously evolves to provide organizations with the latest defenses, including Windows Hello for Business passwordless and Windows Hello Enhanced Sign-in Security (ESS). By leveraging these powerful identity safeguards, organizations of all sizes can reduce the risk of credential theft and unauthorized access to devices, data, and other company resources.
 
diff --git a/windows/security/book/images/azure-attestation.svg b/windows/security/book/images/azure-attestation.svg
index 0d5ef702de..c4df2e11d2 100644
--- a/windows/security/book/images/azure-attestation.svg
+++ b/windows/security/book/images/azure-attestation.svg
@@ -1,17 +1,17 @@
-<svg width="49" height="32" viewBox="0 0 49 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M37.4071 14.9238C37.4071 23.516 27.0194 30.4344 24.7622 31.8367C24.6329 31.9175 24.4835 31.9603 24.331 31.9603C24.1787 31.9603 24.0293 31.9175 23.9 31.8367C21.6427 30.4344 11.2551 23.516 11.2551 14.9238V4.58328C11.256 4.36919 11.3403 4.16388 11.4902 4.01099C11.6401 3.85807 11.8436 3.76964 12.0577 3.76446C20.1373 3.54525 18.2768 0 24.331 0C30.3854 0 28.525 3.54525 36.6044 3.76446C36.8185 3.76964 37.0222 3.85807 37.172 4.01099C37.3219 4.16388 37.4062 4.36919 37.4071 4.58328V14.9238Z" fill="url(#paint0_linear_1073_1117)"/>
-<path d="M36.322 15.0107C36.322 22.891 26.7968 29.2352 24.7279 30.5214C24.6094 30.5951 24.4725 30.6341 24.3331 30.6341C24.1934 30.6341 24.0565 30.5951 23.938 30.5214C21.8674 29.2352 12.344 22.891 12.344 15.0107V5.52891C12.344 5.33247 12.421 5.14387 12.5585 5.00365C12.696 4.8634 12.8831 4.78271 13.0795 4.77892C20.4852 4.57783 18.7787 1.32605 24.3311 1.32605C29.8836 1.32605 28.1773 4.5869 35.5865 4.77892C35.7829 4.78271 35.97 4.8634 36.1075 5.00365C36.245 5.14387 36.322 5.33247 36.322 5.52891V15.0107Z" fill="url(#paint1_linear_1073_1117)"/>
-<path d="M30.1681 18.0669H18.4942C18.1656 18.0669 17.8504 18.1974 17.6181 18.4298C17.3857 18.6622 17.2551 18.9774 17.2551 19.306V20.8422C17.2551 20.897 17.2769 20.9495 17.3156 20.9883C17.3543 21.027 17.4069 21.0487 17.4616 21.0487H31.2007C31.2278 21.0487 31.2545 21.0434 31.2797 21.033C31.3048 21.0226 31.3276 21.0074 31.3468 20.9883C31.3657 20.9691 31.381 20.9463 31.3913 20.9213C31.4017 20.8962 31.4072 20.8693 31.4072 20.8422V19.306C31.4072 18.9774 31.2766 18.6622 31.0442 18.4298C30.8118 18.1974 30.4967 18.0669 30.1681 18.0669Z" fill="white"/>
-<path d="M30.1173 22.5795H18.545C18.506 22.5795 18.4687 22.5951 18.4412 22.6225C18.4137 22.6501 18.3982 22.6874 18.3982 22.7262V23.5017C18.3982 23.7357 18.4911 23.9601 18.6566 24.1254C18.8221 24.2909 19.0464 24.3838 19.2804 24.3838H29.3817C29.6159 24.3838 29.8401 24.2909 30.0056 24.1254C30.1711 23.9601 30.264 23.7357 30.264 23.5017V22.7262C30.264 22.6874 30.2486 22.6501 30.221 22.6225C30.1936 22.5951 30.1561 22.5795 30.1173 22.5795Z" fill="white"/>
-<path d="M27.0194 11.3205C27.8364 10.1339 28.4089 10.3586 27.9435 7.61765C27.4778 4.87673 24.429 4.90028 24.2423 4.90028C24.0558 4.90028 21.0068 4.8713 20.5413 7.61765C20.0757 10.364 20.6481 10.1339 21.4634 11.3205C21.9897 12.9829 22.2413 14.7201 22.2079 16.4636H26.2768C26.2435 14.7203 26.4944 12.9832 27.0194 11.3205Z" fill="white"/>
+<svg width="54" height="32" viewBox="0 0 54 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M40.4071 14.9238C40.4071 23.516 30.0194 30.4344 27.7622 31.8367C27.6329 31.9175 27.4835 31.9603 27.331 31.9603C27.1787 31.9603 27.0293 31.9175 26.9 31.8367C24.6427 30.4344 14.2551 23.516 14.2551 14.9238V4.58328C14.256 4.36919 14.3403 4.16388 14.4902 4.01099C14.6401 3.85807 14.8436 3.76964 15.0577 3.76446C23.1373 3.54525 21.2768 0 27.331 0C33.3854 0 31.525 3.54525 39.6044 3.76446C39.8185 3.76964 40.0222 3.85807 40.172 4.01099C40.3219 4.16388 40.4062 4.36919 40.4071 4.58328V14.9238Z" fill="url(#paint0_linear_1073_1117)"/>
+<path d="M39.322 15.0107C39.322 22.891 29.7969 29.2352 27.7279 30.5214C27.6094 30.5951 27.4725 30.6341 27.3331 30.6341C27.1934 30.6341 27.0565 30.5951 26.938 30.5214C24.8674 29.2352 15.344 22.891 15.344 15.0107V5.52891C15.344 5.33247 15.421 5.14387 15.5585 5.00365C15.696 4.8634 15.8831 4.78271 16.0795 4.77892C23.4852 4.57783 21.7787 1.32605 27.3311 1.32605C32.8836 1.32605 31.1773 4.5869 38.5865 4.77892C38.7829 4.78271 38.97 4.8634 39.1075 5.00365C39.245 5.14387 39.322 5.33247 39.322 5.52891V15.0107Z" fill="url(#paint1_linear_1073_1117)"/>
+<path d="M33.1681 18.0669H21.4942C21.1656 18.0669 20.8504 18.1974 20.6181 18.4298C20.3857 18.6622 20.2551 18.9774 20.2551 19.306V20.8422C20.2551 20.897 20.2769 20.9495 20.3156 20.9883C20.3543 21.027 20.4069 21.0487 20.4616 21.0487H34.2007C34.2278 21.0487 34.2545 21.0434 34.2797 21.033C34.3048 21.0226 34.3276 21.0074 34.3468 20.9883C34.3657 20.9691 34.381 20.9463 34.3913 20.9213C34.4017 20.8962 34.4072 20.8693 34.4072 20.8422V19.306C34.4072 18.9774 34.2766 18.6622 34.0442 18.4298C33.8118 18.1974 33.4967 18.0669 33.1681 18.0669Z" fill="white"/>
+<path d="M33.1173 22.5795H21.545C21.506 22.5795 21.4687 22.5951 21.4412 22.6225C21.4137 22.6501 21.3982 22.6874 21.3982 22.7262V23.5017C21.3982 23.7357 21.4911 23.9601 21.6566 24.1254C21.8221 24.2909 22.0464 24.3838 22.2804 24.3838H32.3817C32.6159 24.3838 32.8401 24.2909 33.0056 24.1254C33.1711 23.9601 33.264 23.7357 33.264 23.5017V22.7262C33.264 22.6874 33.2486 22.6501 33.221 22.6225C33.1936 22.5951 33.1561 22.5795 33.1173 22.5795Z" fill="white"/>
+<path d="M30.0194 11.3205C30.8364 10.1339 31.4089 10.3586 30.9435 7.61766C30.4778 4.87673 27.429 4.90028 27.2423 4.90028C27.0558 4.90028 24.0068 4.8713 23.5413 7.61766C23.0757 10.364 23.6481 10.1339 24.4634 11.3205C24.9897 12.9829 25.2413 14.7201 25.2079 16.4636H29.2768C29.2435 14.7203 29.4944 12.9832 30.0194 11.3205Z" fill="white"/>
 <defs>
-<linearGradient id="paint0_linear_1073_1117" x1="24.331" y1="-1.57607" x2="24.331" y2="34.976" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint0_linear_1073_1117" x1="27.331" y1="-1.57607" x2="27.331" y2="34.976" gradientUnits="userSpaceOnUse">
 <stop stop-color="#5E9624"/>
 <stop offset="0.316" stop-color="#619A25"/>
 <stop offset="0.659" stop-color="#69A728"/>
 <stop offset="0.999" stop-color="#76BC2D"/>
 </linearGradient>
-<linearGradient id="paint1_linear_1073_1117" x1="24.3311" y1="31.9" x2="24.3311" y2="-2.07428" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint1_linear_1073_1117" x1="27.3311" y1="31.9" x2="27.3311" y2="-2.07428" gradientUnits="userSpaceOnUse">
 <stop stop-color="#5E9624"/>
 <stop offset="0.546" stop-color="#6DAD2A"/>
 <stop offset="0.999" stop-color="#76BC2D"/>
diff --git a/windows/security/book/images/defender-for-endpoint.svg b/windows/security/book/images/defender-for-endpoint.svg
index 35ff9ff372..bf135a593b 100644
--- a/windows/security/book/images/defender-for-endpoint.svg
+++ b/windows/security/book/images/defender-for-endpoint.svg
@@ -1,3 +1,3 @@
-<svg width="49" height="32" viewBox="0 0 49 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path fill-rule="evenodd" clip-rule="evenodd" d="M22.4141 0.0289066C22.39 0.0679141 22.2084 0.123152 21.7305 0.236588C21.3079 0.336841 20.5998 0.558601 20.3694 0.66289C20.0203 0.820714 19.6904 0.988041 19.6795 1.0127C19.6728 1.0275 19.6511 1.0396 19.631 1.0396C19.6109 1.0396 19.268 1.25751 18.8692 1.52383C18.4703 1.79016 18.1352 2.00806 18.1246 2.00806C18.114 2.00806 17.9849 2.07944 17.8378 2.1667C17.5604 2.33106 16.6373 2.78588 16.418 2.86623C16.3491 2.89143 16.2606 2.92507 16.2212 2.94093C15.8401 3.09497 14.8546 3.41601 14.5577 3.48281C14.4888 3.49833 14.352 3.52953 14.2536 3.55222C13.8615 3.64244 13.7696 3.661 13.2698 3.75084C12.9845 3.80215 12.6062 3.85863 12.4291 3.87648C11.472 3.97261 10.736 4.02372 9.61186 4.07188L9.0484 4.096L9.04822 7.36528C9.04804 9.25109 9.0629 10.7864 9.08329 10.9932C9.10269 11.1905 9.1355 11.5698 9.15607 11.8362C9.17675 12.1025 9.20848 12.4172 9.22673 12.5356C9.24499 12.654 9.28542 12.9445 9.31671 13.1812C9.37663 13.6358 9.42672 13.9488 9.47733 14.1856C9.49423 14.2645 9.53528 14.4582 9.56856 14.616C9.68376 15.1626 9.87336 15.9146 10.0207 16.4094C10.1185 16.7379 10.4735 17.8239 10.5131 17.916C10.5301 17.9554 10.6205 18.1895 10.714 18.4361C10.8753 18.8618 10.9261 18.9834 11.1451 19.4673C11.1965 19.5807 11.2711 19.7462 11.3111 19.8349C11.4192 20.0755 11.8527 20.9436 11.9468 21.1083C11.9918 21.1872 12.0855 21.3567 12.1549 21.4849C12.2243 21.6132 12.3507 21.8272 12.4356 21.9605C12.5206 22.0939 12.5901 22.2106 12.5901 22.2197C12.5901 22.3607 13.9476 24.2428 14.6861 25.1255C15.382 25.9575 16.5521 27.1698 17.1446 27.6725C17.168 27.6926 17.3075 27.8135 17.4546 27.9415C17.8801 28.3121 17.8751 28.3079 18.2604 28.6157C18.6369 28.9165 18.5971 28.8861 19.0474 29.2175C19.2639 29.3769 19.618 29.6249 19.8344 29.7691C20.0509 29.9129 20.2716 30.061 20.3249 30.0979C20.3782 30.135 20.43 30.1652 20.4399 30.1652C20.4499 30.1652 20.5953 30.2539 20.763 30.3625C20.9308 30.4711 21.0751 30.5598 21.0839 30.5598C21.0926 30.5598 21.1773 30.6066 21.272 30.6639C21.6613 30.8996 22.6615 31.4125 23.4657 31.7888C24.0604 32.0671 24.1302 32.068 24.6819 31.8051C24.9081 31.6974 25.2543 31.5328 25.451 31.4397C26.8292 30.7869 27.3527 30.4938 28.4014 29.7876C29.4062 29.1114 30.8634 27.9848 31.3001 27.5467C31.3101 27.537 31.4147 27.4412 31.5327 27.334C31.9359 26.9674 32.5698 26.3387 32.9101 25.9675C33.097 25.7635 33.2883 25.5552 33.3353 25.5047C33.3823 25.4539 33.6322 25.1538 33.8906 24.8377C34.3686 24.2529 34.5719 23.981 35.0647 23.2667C35.2167 23.0462 35.3577 22.8465 35.3778 22.8226C35.3979 22.7988 35.4142 22.771 35.4142 22.7611C35.4142 22.7509 35.5058 22.601 35.6177 22.4278C36.0578 21.7457 37.2029 19.5736 37.2029 19.4209C37.2029 19.413 37.2415 19.3214 37.2886 19.2173C37.3356 19.1131 37.4097 18.9391 37.4532 18.8306C37.4967 18.7221 37.549 18.593 37.5693 18.5437C37.6348 18.3839 37.6609 18.3149 37.7575 18.0415C37.8098 17.8935 37.867 17.7402 37.8842 17.7007C37.9016 17.6613 37.9658 17.4676 38.027 17.2703C38.2181 16.6542 38.2494 16.555 38.277 16.4812C38.3119 16.3883 38.358 16.2195 38.4937 15.6921C38.5544 15.4553 38.6191 15.2052 38.6374 15.1361C38.6555 15.0671 38.7124 14.8088 38.7636 14.5622C38.8151 14.3156 38.8713 14.0493 38.8888 13.9704C38.9062 13.8915 38.9362 13.7462 38.9556 13.6475C38.9748 13.5489 39.0316 13.2745 39.0817 13.0378C39.1315 12.801 39.1867 12.5186 39.2041 12.4101C39.2216 12.3016 39.2463 10.3767 39.2593 8.1327L39.2827 4.05259L38.4842 4.05162C37.46 4.05036 36.852 4.01161 35.7362 3.87639C35.4047 3.83614 34.6531 3.7062 34.4842 3.65992C34.4154 3.641 34.2141 3.59115 34.0369 3.549C33.5031 3.42201 32.6227 3.13748 32.2125 2.95923C32.1535 2.93358 32.033 2.88534 31.9452 2.85206C31.7881 2.79252 30.8848 2.35043 30.6743 2.23C30.6151 2.19629 30.4703 2.11325 30.3523 2.04546C30.2342 1.97767 29.9363 1.79339 29.6904 1.63583C29.2265 1.33884 28.6909 1.0257 28.474 0.924822C27.9885 0.69894 27.8077 0.626483 27.3727 0.483547C26.7402 0.275595 26.7169 0.26878 26.3991 0.197491C26.1448 0.140549 26.0321 0.103693 25.8897 0.0310588C25.8114 -0.00893523 22.4388 -0.0109977 22.4141 0.0289066ZM25.1111 2.02681C26.0486 2.12383 26.8193 2.31815 27.4544 2.61758C27.5725 2.67317 27.7254 2.74419 27.7943 2.77522C27.8631 2.80633 27.9677 2.86067 28.0269 2.89609C28.0858 2.93142 28.2147 3.00683 28.3131 3.06359C28.4113 3.12035 28.6395 3.26124 28.82 3.37655C29.0006 3.49197 29.159 3.5863 29.1722 3.5863C29.1855 3.5863 29.2411 3.61823 29.2958 3.65731C29.4238 3.74879 30.5317 4.3051 30.8351 4.43039C30.9631 4.48311 31.1326 4.55574 31.2121 4.59171C31.2913 4.62766 31.4604 4.69169 31.5877 4.73401C31.7148 4.77634 31.8512 4.82531 31.8905 4.84279C31.9907 4.88735 32.4958 5.05181 32.7313 5.11665C32.8394 5.14642 32.9763 5.18462 33.0352 5.20148C33.3596 5.29439 33.443 5.31591 33.5898 5.3446C33.6783 5.36199 33.8634 5.40171 34.0012 5.43292C34.3214 5.50557 34.5551 5.55121 34.8241 5.59371C34.9422 5.61245 35.1432 5.64465 35.2712 5.66543C35.6393 5.72518 36.4378 5.81583 36.8167 5.84093C37.0076 5.85366 37.1815 5.88182 37.2034 5.90363C37.2554 5.95597 37.2305 9.65954 37.1718 10.5807C37.1341 11.1755 37.0685 11.8497 36.9889 12.4639C36.9734 12.5822 36.9505 12.7679 36.9374 12.8764C36.9246 12.9849 36.8988 13.1543 36.8801 13.253C36.8613 13.3516 36.8211 13.5695 36.7909 13.7372C36.7607 13.9049 36.7209 14.1067 36.7026 14.1856C36.5989 14.6363 36.4076 15.4179 36.3822 15.4948C36.3661 15.5441 36.3321 15.6571 36.3071 15.7459C36.1046 16.4617 35.6228 17.7737 35.3268 18.4165C35.2569 18.5682 35.1997 18.7001 35.1997 18.7094C35.1997 18.7798 34.3726 20.352 34.1453 20.7137C34.0833 20.8124 34.0234 20.9173 34.0122 20.9469C34.0009 20.9765 33.8531 21.2075 33.6836 21.4602C33.5139 21.7129 33.3751 21.9261 33.3751 21.9341C33.3751 21.942 33.3067 22.0438 33.223 22.1601C33.1396 22.2766 32.9681 22.5152 32.8421 22.6907C32.7163 22.8659 32.5342 23.1062 32.4374 23.2245C32.3407 23.343 32.2425 23.4639 32.2191 23.4935C32.0249 23.7396 31.8792 23.917 31.819 23.9806C31.7797 24.0223 31.6438 24.1759 31.5171 24.322C31.2719 24.6047 30.2576 25.6285 30.0482 25.8048C29.9793 25.8628 29.8021 26.0171 29.6547 26.1478C29.507 26.2784 29.2334 26.505 29.0465 26.6514C28.8595 26.7977 28.6984 26.9268 28.6887 26.938C28.6108 27.0279 26.8632 28.1924 26.8062 28.1924C26.795 28.1924 26.7431 28.2222 26.6908 28.2586C26.5924 28.3273 26.3593 28.4553 25.7193 28.7927C24.1569 29.6166 24.1765 29.609 23.8713 29.5025C23.7232 29.4506 22.8607 29.0194 22.5891 28.8614C22.5103 28.8155 22.3655 28.7327 22.2671 28.6775C22.1687 28.6221 22.019 28.5378 21.9343 28.4902C21.8496 28.4423 21.596 28.2831 21.3705 28.1364C21.1451 27.9896 20.9533 27.8696 20.9444 27.8696C20.9211 27.8696 20.2408 27.3907 19.9285 27.1543C19.7835 27.0446 19.6218 26.9226 19.5692 26.8831C19.4508 26.7944 18.9466 26.3883 18.9222 26.362C18.9124 26.3515 18.7192 26.1795 18.4929 25.98C17.0791 24.7331 15.8998 23.3691 14.8204 21.7317C14.5776 21.3633 14.3788 21.0511 14.3788 21.0378C14.3788 21.0244 14.3332 20.9462 14.2775 20.8637C14.2219 20.7812 14.1104 20.5927 14.0299 20.4447C13.9495 20.2968 13.8258 20.0708 13.7552 19.9426C13.525 19.5248 13.0806 18.599 12.8944 18.1491C12.7872 17.8901 12.7326 17.7613 12.6507 17.5752C12.6203 17.5061 12.5609 17.3528 12.5187 17.2345C12.4765 17.1161 12.4285 16.9869 12.412 16.9475C12.246 16.5493 11.9052 15.4971 11.802 15.0644C11.7855 14.9953 11.7541 14.8743 11.7322 14.7953C11.6483 14.4927 11.499 13.8045 11.4132 13.3247C11.3725 13.0971 11.2429 12.164 11.1965 11.7644C11.0946 10.8872 10.9876 6.80159 11.0567 6.43035C11.1154 6.11569 11.2395 6.05641 11.9819 5.9889C12.4042 5.95043 12.8694 5.89806 13.0909 5.86388C13.6693 5.77494 13.7473 5.7606 14.5756 5.5921C14.8043 5.54564 14.9819 5.50089 15.3447 5.39849C15.5317 5.34577 15.7248 5.29457 15.774 5.2847C15.8232 5.27484 15.8957 5.25277 15.935 5.23564C15.9744 5.21852 16.1756 5.1465 16.3822 5.07558C16.5888 5.00473 16.8786 4.89642 17.0262 4.83507C17.1737 4.77365 17.3508 4.70047 17.4197 4.6726C17.8853 4.48364 18.9194 3.93216 19.5153 3.55491C20.6397 2.84328 20.938 2.67756 21.4622 2.47311C22.0806 2.23188 22.846 2.04653 23.2447 2.04124C23.3564 2.03981 23.5202 2.02573 23.6087 2.00986C23.8761 1.96215 24.5616 1.96987 25.1111 2.02681ZM23.5014 4.03672C23.4522 4.04507 23.275 4.07009 23.1079 4.09231C22.1614 4.21839 21.864 4.33964 19.2799 5.6527C18.1895 6.20679 17.8232 6.38175 17.2944 6.60118C17.0977 6.68286 16.8562 6.78608 16.7578 6.83065C16.6595 6.87512 16.4904 6.93906 16.3822 6.9726C16.274 7.00615 16.1575 7.04883 16.1233 7.06748C16.0891 7.08621 16.0366 7.10146 16.0066 7.10146C15.9765 7.10146 15.924 7.11742 15.8898 7.13688C15.8303 7.17096 15.582 7.24063 14.7545 7.45549C14.6757 7.47593 14.4343 7.5343 14.2178 7.58524C14.0014 7.63617 13.768 7.6924 13.6991 7.71024C13.6302 7.72809 13.4853 7.76521 13.3771 7.79284L13.1804 7.84296L13.1849 9.04152C13.1874 9.7007 13.209 10.4579 13.2328 10.7242C13.2567 10.9905 13.2892 11.3618 13.3052 11.5492C13.3211 11.7366 13.3507 11.9868 13.3709 12.1052C13.3911 12.2235 13.4349 12.4899 13.4683 12.697C13.5624 13.2791 13.5963 13.4537 13.7154 13.9704C13.7472 14.1085 13.7876 14.2941 13.8051 14.3829C13.8226 14.4716 13.86 14.6169 13.8881 14.7057C13.9162 14.7945 13.9594 14.9397 13.9843 15.0285C14.0091 15.1173 14.0425 15.2303 14.0586 15.2796C14.0747 15.3289 14.1137 15.4661 14.1453 15.5845C14.1769 15.7028 14.2166 15.832 14.2335 15.8714C14.2504 15.9109 14.2837 15.9996 14.3073 16.0687C14.3309 16.1378 14.3631 16.2265 14.3786 16.266C14.3943 16.3054 14.4341 16.4184 14.4673 16.5171C14.5004 16.6157 14.5423 16.7327 14.5605 16.7771C14.5786 16.8215 14.6079 16.8941 14.6256 16.9385C14.9007 17.6305 15.0029 17.8598 15.3175 18.4899C15.5128 18.8808 15.6268 19.0964 15.8156 19.4314C15.8518 19.4955 15.9149 19.6085 15.9559 19.6825C16.04 19.834 16.2867 20.2331 16.3874 20.3805C16.4239 20.434 16.4537 20.4862 16.4537 20.4966C16.4537 20.5071 16.4765 20.5441 16.5044 20.5788C16.5322 20.6136 16.6936 20.8482 16.8631 21.1001C17.0325 21.3519 17.194 21.586 17.222 21.6202C17.25 21.6543 17.3985 21.8449 17.5519 22.0438C17.8785 22.4667 18.049 22.6737 18.2998 22.9511C18.4002 23.0621 18.537 23.2168 18.6039 23.2947C19.3899 24.2127 20.9968 25.5777 22.3207 26.4519C23.4769 27.2155 23.8258 27.4033 24.0869 27.4033C24.3094 27.4033 24.3071 27.4044 24.9681 26.9892C25.214 26.8348 25.6086 26.5878 25.8447 26.4408C26.5677 25.9904 27.4844 25.3378 27.9174 24.9651C29.4916 23.6109 30.5335 22.4408 31.7356 20.6779C32.0094 20.276 32.1487 20.0471 32.5868 19.279C32.7578 18.9788 33.2605 17.9503 33.4282 17.5573C33.4534 17.4981 33.5081 17.3732 33.5498 17.2796C33.5916 17.1862 33.6255 17.0999 33.6255 17.0878C33.6255 17.0758 33.6478 17.0151 33.6752 16.9529C33.8153 16.6335 34.1883 15.5569 34.3229 15.0823C34.3567 14.9639 34.3969 14.8267 34.4121 14.7774C34.4825 14.5521 34.6778 13.7599 34.735 13.4682C34.7581 13.3498 34.7914 13.1804 34.8091 13.0916C34.8663 12.801 34.9428 12.2913 34.9841 11.9258C35.0062 11.7286 35.0393 11.4622 35.0574 11.334C35.1507 10.6755 35.1843 7.91183 35.1002 7.81023C35.0748 7.77984 35.0106 7.74585 34.957 7.73464C34.9036 7.72352 34.7873 7.69913 34.6988 7.68038C34.6103 7.66164 34.3929 7.62066 34.2159 7.58928C34.0387 7.55798 33.765 7.4987 33.6077 7.45755C33.4503 7.41639 33.2652 7.36914 33.1963 7.35245C32.9233 7.28653 32.5175 7.17339 32.4272 7.13796C32.3877 7.12263 32.1624 7.04845 31.9262 6.97322C31.6901 6.89799 31.4729 6.82428 31.4434 6.80923C31.4138 6.79424 31.2609 6.73847 31.1035 6.68529C30.836 6.5948 30.7555 6.56263 30.3611 6.38875C30.2775 6.35189 30.1689 6.3093 30.1197 6.29414C30.0705 6.27897 29.9497 6.23029 29.8513 6.18591C29.7529 6.14151 29.592 6.06923 29.4936 6.02529C29.1124 5.85501 28.8092 5.70884 27.6654 5.14337C26.2099 4.42375 26.1477 4.39766 25.4064 4.19535C24.969 4.07592 23.8302 3.98113 23.5014 4.03672ZM27.6385 10.0252C27.6499 10.0551 27.6438 10.0995 27.6248 10.1239C27.6058 10.1483 27.5131 10.3135 27.4189 10.4911C27.1214 11.0513 26.9978 11.2791 26.9711 11.3161C26.957 11.3358 26.8524 11.5295 26.7383 11.7465C26.6244 11.9635 26.4911 12.2137 26.4419 12.3025C26.3929 12.3912 26.3112 12.5446 26.2605 12.6432C26.2097 12.7418 26.1598 12.8306 26.1492 12.8405C26.1389 12.8504 26.0813 12.9553 26.0212 13.0736C25.9612 13.192 25.8352 13.4301 25.7414 13.6027L25.5704 13.9166H27.5411C28.8787 13.9166 29.5114 13.9285 29.5114 13.9538C29.5114 13.987 27.4979 16.0269 22.6198 20.9359C20.5508 23.0177 20.5532 23.0177 21.6686 20.911C21.7574 20.7433 21.9665 20.3398 22.1331 20.0143C22.4684 19.3599 22.8994 18.5273 23.117 18.1132C23.4178 17.5408 23.6444 17.0899 23.6444 17.0641C23.6444 17.0493 22.9682 17.0372 22.142 17.0372C20.8889 17.0372 20.6394 17.0289 20.6394 16.9877C20.6394 16.9457 21.3555 15.5057 23.5809 11.0727C24.0284 10.1813 24.0865 10.099 24.3182 10.0275C24.5737 9.94865 27.6084 9.94659 27.6385 10.0252Z" fill="#4474D4"/>
+<svg width="54" height="32" viewBox="0 0 54 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path fill-rule="evenodd" clip-rule="evenodd" d="M24.4142 0.0289066C24.3901 0.0679141 24.2085 0.123152 23.7306 0.236588C23.308 0.336841 22.6 0.558601 22.3695 0.66289C22.0204 0.820714 21.6905 0.988041 21.6796 1.0127C21.673 1.0275 21.6512 1.0396 21.6311 1.0396C21.611 1.0396 21.2682 1.25751 20.8693 1.52383C20.4704 1.79016 20.1354 2.00806 20.1247 2.00806C20.1141 2.00806 19.985 2.07944 19.8379 2.1667C19.5605 2.33106 18.6374 2.78588 18.4181 2.86623C18.3492 2.89143 18.2607 2.92507 18.2213 2.94093C17.8402 3.09497 16.8548 3.41601 16.5578 3.48281C16.489 3.49833 16.3521 3.52953 16.2537 3.55222C15.8616 3.64244 15.7697 3.661 15.2699 3.75084C14.9846 3.80215 14.6063 3.85863 14.4292 3.87648C13.4722 3.97261 12.7361 4.02372 11.612 4.07188L11.0485 4.096L11.0483 7.36528C11.0482 9.25109 11.063 10.7864 11.0834 10.9932C11.1028 11.1905 11.1356 11.5698 11.1562 11.8362C11.1769 12.1025 11.2086 12.4172 11.2269 12.5356C11.2451 12.654 11.2855 12.9445 11.3168 13.1812C11.3767 13.6358 11.4268 13.9488 11.4775 14.1856C11.4944 14.2645 11.5354 14.4582 11.5687 14.616C11.6839 15.1626 11.8735 15.9146 12.0208 16.4094C12.1186 16.7379 12.4736 17.8239 12.5132 17.916C12.5302 17.9554 12.6206 18.1895 12.7141 18.4361C12.8755 18.8618 12.9262 18.9834 13.1453 19.4673C13.1966 19.5807 13.2712 19.7462 13.3112 19.8349C13.4193 20.0755 13.8528 20.9436 13.9469 21.1083C13.992 21.1872 14.0856 21.3567 14.155 21.4849C14.2244 21.6132 14.3508 21.8272 14.4358 21.9605C14.5207 22.0939 14.5902 22.2106 14.5902 22.2197C14.5902 22.3607 15.9477 24.2428 16.6863 25.1255C17.3822 25.9575 18.5523 27.1698 19.1447 27.6725C19.1681 27.6926 19.3076 27.8135 19.4547 27.9415C19.8802 28.3121 19.8752 28.3079 20.2605 28.6157C20.637 28.9165 20.5972 28.8861 21.0475 29.2175C21.264 29.3769 21.6181 29.6249 21.8346 29.7691C22.051 29.9129 22.2717 30.061 22.3251 30.0979C22.3784 30.135 22.4301 30.1652 22.4401 30.1652C22.45 30.1652 22.5954 30.2539 22.7631 30.3625C22.9309 30.4711 23.0752 30.5598 23.084 30.5598C23.0927 30.5598 23.1774 30.6066 23.2721 30.6639C23.6614 30.8996 24.6616 31.4125 25.4658 31.7888C26.0605 32.0671 26.1303 32.068 26.682 31.8051C26.9082 31.6974 27.2545 31.5328 27.4511 31.4397C28.8293 30.7869 29.3528 30.4938 30.4015 29.7876C31.4063 29.1114 32.8635 27.9848 33.3003 27.5467C33.3102 27.537 33.4148 27.4412 33.5329 27.334C33.9361 26.9674 34.5699 26.3386 34.9102 25.9674C35.0971 25.7635 35.2885 25.5552 35.3355 25.5047C35.3825 25.4539 35.6323 25.1538 35.8907 24.8377C36.3687 24.2529 36.572 23.981 37.0648 23.2666C37.2168 23.0462 37.3579 22.8465 37.3779 22.8226C37.398 22.7988 37.4144 22.771 37.4144 22.761C37.4144 22.7509 37.5059 22.601 37.6178 22.4278C38.0579 21.7457 39.203 19.5736 39.203 19.4209C39.203 19.413 39.2417 19.3214 39.2887 19.2173C39.3357 19.1131 39.4098 18.9391 39.4533 18.8306C39.4968 18.7221 39.5491 18.593 39.5694 18.5437C39.6349 18.3839 39.661 18.3149 39.7576 18.0415C39.8099 17.8935 39.8671 17.7402 39.8843 17.7007C39.9017 17.6613 39.966 17.4676 40.0271 17.2703C40.2182 16.6542 40.2496 16.555 40.2771 16.4812C40.312 16.3883 40.3581 16.2195 40.4939 15.6921C40.5546 15.4553 40.6192 15.2052 40.6375 15.1361C40.6556 15.0671 40.7126 14.8088 40.7638 14.5622C40.8152 14.3156 40.8715 14.0493 40.8889 13.9704C40.9063 13.8915 40.9363 13.7462 40.9558 13.6475C40.975 13.5489 41.0317 13.2745 41.0818 13.0378C41.1317 12.801 41.1868 12.5186 41.2043 12.4101C41.2217 12.3016 41.2464 10.3767 41.2594 8.1327L41.2828 4.05259L40.4844 4.05162C39.4601 4.05036 38.8521 4.01161 37.7363 3.87639C37.4049 3.83614 36.6532 3.7062 36.4844 3.65992C36.4155 3.641 36.2142 3.59115 36.037 3.549C35.5032 3.42201 34.6229 3.13748 34.2126 2.95923C34.1537 2.93358 34.0332 2.88534 33.9453 2.85206C33.7882 2.79252 32.8849 2.35043 32.6744 2.23C32.6152 2.19629 32.4705 2.11325 32.3524 2.04546C32.2343 1.97767 31.9364 1.79339 31.6905 1.63583C31.2267 1.33884 30.691 1.0257 30.4741 0.924822C29.9886 0.69894 29.8078 0.626483 29.3729 0.483547C28.7404 0.275595 28.717 0.26878 28.3992 0.197491C28.145 0.140549 28.0322 0.103693 27.8898 0.0310588C27.8115 -0.00893523 24.4389 -0.0109977 24.4142 0.0289066ZM27.1112 2.02681C28.0487 2.12383 28.8194 2.31815 29.4545 2.61758C29.5726 2.67317 29.7255 2.74419 29.7944 2.77522C29.8632 2.80633 29.9678 2.86067 30.027 2.89609C30.0859 2.93142 30.2148 3.00683 30.3132 3.06359C30.4114 3.12035 30.6396 3.26124 30.8202 3.37655C31.0007 3.49197 31.1591 3.5863 31.1724 3.5863C31.1856 3.5863 31.2412 3.61823 31.296 3.65731C31.424 3.74879 32.5318 4.3051 32.8353 4.43039C32.9633 4.48311 33.1328 4.55574 33.2122 4.59171C33.2914 4.62766 33.4605 4.69169 33.5878 4.73401C33.7149 4.77634 33.8513 4.82531 33.8906 4.84279C33.9908 4.88735 34.496 5.05181 34.7314 5.11665C34.8396 5.14642 34.9764 5.18462 35.0353 5.20148C35.3597 5.29439 35.4432 5.31591 35.5899 5.3446C35.6784 5.36199 35.8636 5.40171 36.0013 5.43292C36.3215 5.50557 36.5552 5.55121 36.8242 5.59371C36.9423 5.61245 37.1434 5.64465 37.2713 5.66543C37.6395 5.72518 38.4379 5.81583 38.8168 5.84093C39.0077 5.85366 39.1816 5.88182 39.2035 5.90363C39.2556 5.95597 39.2306 9.65954 39.1719 10.5807C39.1342 11.1755 39.0686 11.8497 38.989 12.4639C38.9735 12.5822 38.9506 12.7679 38.9376 12.8764C38.9248 12.9849 38.8989 13.1543 38.8802 13.253C38.8614 13.3516 38.8213 13.5695 38.791 13.7372C38.7608 13.9049 38.7211 14.1067 38.7027 14.1856C38.599 14.6363 38.4077 15.4179 38.3823 15.4948C38.3662 15.5441 38.3322 15.6571 38.3073 15.7459C38.1047 16.4617 37.6229 17.7737 37.327 18.4165C37.257 18.5682 37.1998 18.7001 37.1998 18.7094C37.1998 18.7798 36.3727 20.352 36.1454 20.7137C36.0834 20.8124 36.0236 20.9173 36.0123 20.9469C36.0011 20.9765 35.8532 21.2075 35.6837 21.4602C35.514 21.7129 35.3752 21.9261 35.3752 21.9341C35.3752 21.942 35.3068 22.0438 35.2231 22.1601C35.1397 22.2766 34.9682 22.5152 34.8422 22.6907C34.7164 22.8659 34.5344 23.1062 34.4375 23.2245C34.3408 23.343 34.2426 23.4639 34.2192 23.4935C34.025 23.7396 33.8793 23.917 33.8191 23.9806C33.7798 24.0223 33.6439 24.1759 33.5172 24.322C33.272 24.6047 32.2577 25.6285 32.0483 25.8048C31.9794 25.8628 31.8022 26.0171 31.6548 26.1478C31.5072 26.2784 31.2335 26.5051 31.0466 26.6514C30.8597 26.7977 30.6985 26.9268 30.6888 26.938C30.6109 27.0279 28.8633 28.1924 28.8064 28.1924C28.7951 28.1924 28.7432 28.2222 28.6909 28.2586C28.5925 28.3273 28.3595 28.4553 27.7195 28.7927C26.157 29.6166 26.1766 29.6091 25.8714 29.5025C25.7233 29.4506 24.8609 29.0194 24.5892 28.8614C24.5104 28.8155 24.3656 28.7327 24.2672 28.6775C24.1688 28.6221 24.0192 28.5378 23.9345 28.4902C23.8498 28.4423 23.5961 28.2831 23.3706 28.1364C23.1453 27.9896 22.9534 27.8696 22.9445 27.8696C22.9212 27.8696 22.2409 27.3907 21.9287 27.1543C21.7836 27.0446 21.6219 26.9226 21.5693 26.8831C21.4509 26.7944 20.9467 26.3883 20.9223 26.362C20.9125 26.3514 20.7193 26.1795 20.493 25.98C19.0792 24.7331 17.8999 23.3691 16.8205 21.7317C16.5777 21.3633 16.3789 21.0511 16.3789 21.0378C16.3789 21.0244 16.3333 20.9462 16.2776 20.8637C16.222 20.7812 16.1105 20.5927 16.0301 20.4447C15.9496 20.2968 15.826 20.0708 15.7553 19.9426C15.5251 19.5248 15.0807 18.599 14.8946 18.1491C14.7873 17.8901 14.7327 17.7613 14.6509 17.5752C14.6204 17.5061 14.5611 17.3528 14.5188 17.2344C14.4766 17.1161 14.4286 16.9869 14.4121 16.9475C14.2462 16.5493 13.9053 15.4971 13.8021 15.0644C13.7856 14.9953 13.7542 14.8743 13.7323 14.7953C13.6484 14.4927 13.4991 13.8045 13.4133 13.3247C13.3726 13.0971 13.243 12.164 13.1966 11.7644C13.0948 10.8872 12.9877 6.80159 13.0568 6.43035C13.1155 6.11569 13.2396 6.05641 13.982 5.9889C14.4044 5.95043 14.8695 5.89806 15.091 5.86388C15.6695 5.77494 15.7474 5.7606 16.5757 5.5921C16.8044 5.54564 16.982 5.50089 17.3449 5.39849C17.5318 5.34577 17.725 5.29457 17.7741 5.2847C17.8233 5.27484 17.8958 5.25277 17.9351 5.23564C17.9745 5.21852 18.1757 5.1465 18.3823 5.07558C18.5889 5.00473 18.8787 4.89642 19.0263 4.83507C19.1738 4.77365 19.3509 4.70047 19.4198 4.6726C19.8854 4.48364 20.9195 3.93216 21.5155 3.55491C22.6399 2.84328 22.9381 2.67756 23.4623 2.47311C24.0807 2.23188 24.8461 2.04653 25.2449 2.04124C25.3565 2.03981 25.5203 2.02573 25.6088 2.00986C25.8763 1.96215 26.5617 1.96987 27.1112 2.02681ZM25.5015 4.03672C25.4523 4.04507 25.2751 4.07009 25.108 4.09231C24.1615 4.21839 23.8641 4.33964 21.2801 5.6527C20.1896 6.20679 19.8233 6.38175 19.2946 6.60118C19.0978 6.68286 18.8563 6.78608 18.758 6.83065C18.6596 6.87512 18.4905 6.93906 18.3823 6.9726C18.2741 7.00615 18.1576 7.04883 18.1234 7.06748C18.0892 7.08621 18.0367 7.10146 18.0067 7.10146C17.9766 7.10146 17.9241 7.11742 17.89 7.13688C17.8304 7.17096 17.5821 7.24063 16.7546 7.45549C16.6759 7.47593 16.4344 7.5343 16.218 7.58524C16.0015 7.63617 15.7681 7.6924 15.6992 7.71024C15.6304 7.72809 15.4855 7.76521 15.3773 7.79284L15.1805 7.84296L15.1851 9.04152C15.1876 9.7007 15.2091 10.4579 15.2329 10.7242C15.2568 10.9905 15.2893 11.3618 15.3054 11.5492C15.3213 11.7366 15.3509 11.9868 15.371 12.1052C15.3912 12.2235 15.435 12.4899 15.4685 12.697C15.5625 13.2791 15.5964 13.4537 15.7155 13.9704C15.7473 14.1085 15.7878 14.2941 15.8052 14.3829C15.8227 14.4716 15.8601 14.6169 15.8882 14.7057C15.9163 14.7945 15.9596 14.9397 15.9844 15.0285C16.0092 15.1173 16.0427 15.2303 16.0588 15.2796C16.0749 15.3289 16.1139 15.4661 16.1454 15.5845C16.177 15.7028 16.2167 15.832 16.2336 15.8714C16.2505 15.9109 16.2838 15.9996 16.3074 16.0687C16.331 16.1378 16.3632 16.2265 16.3788 16.266C16.3944 16.3054 16.4342 16.4184 16.4674 16.5171C16.5005 16.6157 16.5424 16.7327 16.5606 16.7771C16.5787 16.8215 16.608 16.8941 16.6257 16.9385C16.9008 17.6305 17.003 17.8598 17.3177 18.4899C17.5129 18.8808 17.6269 19.0964 17.8157 19.4314C17.8519 19.4955 17.915 19.6085 17.9561 19.6825C18.0401 19.834 18.2868 20.2331 18.3875 20.3805C18.424 20.434 18.4539 20.4862 18.4539 20.4966C18.4539 20.5071 18.4767 20.5441 18.5045 20.5788C18.5323 20.6136 18.6937 20.8482 18.8632 21.1C19.0326 21.3519 19.1941 21.586 19.2221 21.6201C19.2501 21.6543 19.3986 21.8449 19.5521 22.0438C19.8786 22.4667 20.0491 22.6737 20.2999 22.9511C20.4003 23.0621 20.5371 23.2168 20.604 23.2947C21.39 24.2127 22.9969 25.5777 24.3208 26.4519C25.477 27.2155 25.8259 27.4033 26.087 27.4033C26.3095 27.4033 26.3073 27.4044 26.9682 26.9892C27.2141 26.8348 27.6087 26.5878 27.8448 26.4408C28.5678 25.9904 29.4845 25.3378 29.9175 24.9651C31.4917 23.6109 32.5336 22.4408 33.7357 20.6779C34.0096 20.276 34.1488 20.0471 34.5869 19.279C34.7579 18.9788 35.2606 17.9503 35.4284 17.5573C35.4535 17.4981 35.5083 17.3732 35.55 17.2796C35.5917 17.1862 35.6257 17.0999 35.6257 17.0878C35.6257 17.0758 35.648 17.0151 35.6753 16.9529C35.8155 16.6335 36.1884 15.5569 36.323 15.0823C36.3568 14.9639 36.397 14.8267 36.4122 14.7774C36.4826 14.5521 36.6779 13.7599 36.7351 13.4682C36.7582 13.3498 36.7916 13.1804 36.8092 13.0916C36.8664 12.801 36.943 12.2913 36.9842 11.9258C37.0063 11.7286 37.0394 11.4622 37.0575 11.334C37.1509 10.6755 37.1844 7.91183 37.1003 7.81023C37.0749 7.77984 37.0107 7.74585 36.9571 7.73464C36.9037 7.72352 36.7874 7.69913 36.6989 7.68038C36.6104 7.66164 36.393 7.62066 36.216 7.58928C36.0388 7.55798 35.7651 7.4987 35.6078 7.45755C35.4504 7.41639 35.2653 7.36914 35.1964 7.35245C34.9234 7.28653 34.5176 7.17339 34.4273 7.13796C34.3878 7.12263 34.1625 7.04845 33.9264 6.97322C33.6902 6.89799 33.4731 6.82428 33.4435 6.80923C33.4139 6.79424 33.261 6.73847 33.1036 6.68529C32.8362 6.5948 32.7556 6.56263 32.3612 6.38875C32.2776 6.35189 32.169 6.3093 32.1198 6.29414C32.0706 6.27897 31.9499 6.23029 31.8514 6.18591C31.753 6.14151 31.5921 6.06923 31.4937 6.02529C31.1126 5.85501 30.8093 5.70884 29.6655 5.14337C28.2101 4.42375 28.1478 4.39766 27.4065 4.19535C26.9691 4.07592 25.8304 3.98113 25.5015 4.03672ZM29.6386 10.0252C29.6501 10.0551 29.6439 10.0995 29.6249 10.1239C29.6059 10.1483 29.5132 10.3135 29.419 10.4911C29.1215 11.0513 28.9979 11.2791 28.9712 11.3161C28.9571 11.3358 28.8525 11.5295 28.7384 11.7465C28.6245 11.9635 28.4912 12.2137 28.442 12.3025C28.393 12.3912 28.3113 12.5446 28.2606 12.6432C28.2098 12.7418 28.16 12.8306 28.1494 12.8405C28.139 12.8504 28.0814 12.9553 28.0214 13.0736C27.9613 13.192 27.8353 13.4301 27.7415 13.6027L27.5705 13.9166H29.5413C30.8789 13.9166 31.5116 13.9285 31.5116 13.9538C31.5116 13.987 29.498 16.0269 24.6199 20.9359C22.551 23.0177 22.5533 23.0177 23.6687 20.911C23.7576 20.7433 23.9667 20.3398 24.1333 20.0143C24.4685 19.3599 24.8995 18.5273 25.1171 18.1132C25.4179 17.5408 25.6445 17.0899 25.6445 17.0641C25.6445 17.0493 24.9683 17.0372 24.1421 17.0372C22.889 17.0372 22.6395 17.0289 22.6395 16.9877C22.6395 16.9457 23.3556 15.5057 25.581 11.0727C26.0285 10.1813 26.0866 10.099 26.3183 10.0275C26.5739 9.94865 29.6086 9.94659 29.6386 10.0252Z" fill="#4474D4"/>
 </svg>
diff --git a/windows/security/book/images/endpoint-privilege-management.svg b/windows/security/book/images/endpoint-privilege-management.svg
deleted file mode 100644
index 7efbd9c1f1..0000000000
--- a/windows/security/book/images/endpoint-privilege-management.svg
+++ /dev/null
@@ -1,46 +0,0 @@
-<svg width="56" height="32" viewBox="0 0 56 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g clip-path="url(#clip0_1073_1106)">
-<mask id="mask0_1073_1106" style="mask-type:luminance" maskUnits="userSpaceOnUse" x="0" y="0" width="56" height="32">
-<path d="M55.4331 0H0V32H55.4331V0Z" fill="white"/>
-</mask>
-<g mask="url(#mask0_1073_1106)">
-<path d="M11.3386 4.00317H39.361V21.3504C39.361 22.0583 39.0799 22.7371 38.5794 23.2376C38.079 23.7381 37.4002 24.0193 36.6925 24.0193H14.0074C13.2996 24.0193 12.6208 23.7381 12.1203 23.2376C11.6198 22.7371 11.3386 22.0583 11.3386 21.3504V4.00317Z" fill="url(#paint0_linear_1073_1106)"/>
-<path d="M11.3386 2.6688C11.3386 1.961 11.6198 1.28218 12.1203 0.781677C12.6208 0.281177 13.2996 0 14.0074 0H36.6925C37.4002 0 38.079 0.281177 38.5794 0.781677C39.0799 1.28218 39.361 1.961 39.361 2.6688V4.00323H11.3386V2.6688Z" fill="url(#paint1_linear_1073_1106)"/>
-<path d="M29.353 15.0112H41.3626V30.9279C41.3626 31.8567 40.2489 32.3639 39.5159 31.7695L36.0783 28.9835C35.874 28.8194 35.6197 28.73 35.3579 28.73C35.0959 28.73 34.8417 28.8194 34.6373 28.9835L31.1997 31.7695C30.4667 32.3639 29.353 31.8567 29.353 30.9279V15.0112Z" fill="url(#paint2_linear_1073_1106)"/>
-<path opacity="0.5" d="M35.3223 24.0353C40.3063 24.0353 44.3466 19.9951 44.3466 15.0112C44.3466 10.0273 40.3063 5.98706 35.3223 5.98706C30.3387 5.98706 26.2983 10.0273 26.2983 15.0112C26.2983 19.9951 30.3387 24.0353 35.3223 24.0353Z" fill="url(#paint3_radial_1073_1106)"/>
-<path opacity="0.5" d="M35.3226 23.5175C40.0206 23.5175 43.8288 19.7091 43.8288 15.0112C43.8288 10.3132 40.0206 6.50476 35.3226 6.50476C30.6247 6.50476 26.8162 10.3132 26.8162 15.0112C26.8162 19.7091 30.6247 23.5175 35.3226 23.5175Z" fill="url(#paint4_radial_1073_1106)"/>
-<path d="M35.3581 23.0176C39.7799 23.0176 43.3644 19.433 43.3644 15.0112C43.3644 10.5894 39.7799 7.00476 35.3581 7.00476C30.9361 7.00476 27.3516 10.5894 27.3516 15.0112C27.3516 19.433 30.9361 23.0176 35.3581 23.0176Z" fill="url(#paint5_linear_1073_1106)"/>
-</g>
-</g>
-<defs>
-<linearGradient id="paint0_linear_1073_1106" x1="25.3498" y1="24.0193" x2="25.3498" y2="4.00317" gradientUnits="userSpaceOnUse">
-<stop stop-color="#0669BC"/>
-<stop offset="1" stop-color="#0078D4"/>
-</linearGradient>
-<linearGradient id="paint1_linear_1073_1106" x1="25.3498" y1="4.00323" x2="25.3498" y2="0" gradientUnits="userSpaceOnUse">
-<stop stop-color="#0C59A4"/>
-<stop offset="1" stop-color="#1493DF"/>
-</linearGradient>
-<linearGradient id="paint2_linear_1073_1106" x1="35.3579" y1="32.0257" x2="35.3579" y2="15.0112" gradientUnits="userSpaceOnUse">
-<stop stop-color="#0078D4"/>
-<stop offset="1" stop-color="#5EA0EF"/>
-</linearGradient>
-<radialGradient id="paint3_radial_1073_1106" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(35.3223 15.013) scale(9.02415)">
-<stop/>
-<stop offset="0.859" stop-opacity="0.532"/>
-<stop offset="1" stop-opacity="0"/>
-</radialGradient>
-<radialGradient id="paint4_radial_1073_1106" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(19.3452 15.0129) scale(8.50641)">
-<stop/>
-<stop offset="0.859" stop-opacity="0.532"/>
-<stop offset="1" stop-opacity="0"/>
-</radialGradient>
-<linearGradient id="paint5_linear_1073_1106" x1="35.3581" y1="23.0586" x2="35.3581" y2="6.48167" gradientUnits="userSpaceOnUse">
-<stop stop-color="#32BEDD"/>
-<stop offset="1" stop-color="#50E6FF"/>
-</linearGradient>
-<clipPath id="clip0_1073_1106">
-<rect width="55.4331" height="32" fill="white"/>
-</clipPath>
-</defs>
-</svg>
diff --git a/windows/security/book/images/microsoft-cloud-pki.svg b/windows/security/book/images/microsoft-cloud-pki.svg
deleted file mode 100644
index e3e369770f..0000000000
--- a/windows/security/book/images/microsoft-cloud-pki.svg
+++ /dev/null
@@ -1,19 +0,0 @@
-<svg width="40" height="32" viewBox="0 0 40 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path fill-rule="evenodd" clip-rule="evenodd" d="M11.6613 10.951C11.8382 8.97945 12.7464 7.14542 14.2073 5.8097C15.6682 4.47399 17.576 3.73328 19.5555 3.73328C21.5351 3.73328 23.4428 4.47399 24.9038 5.8097C26.3648 7.14542 27.2729 8.97945 27.4498 10.951C28.91 11.1247 30.2485 11.8498 31.1916 12.978C32.1347 14.1062 32.611 15.5522 32.523 17.02C32.435 18.4878 31.7893 19.8666 30.7182 20.8739C29.6471 21.8814 28.2314 22.4414 26.7609 22.4394H12.3501C10.8797 22.4414 9.46401 21.8814 8.39288 20.8739C7.32174 19.8666 6.6761 18.4878 6.5881 17.02C6.50008 15.5522 6.97635 14.1062 7.91944 12.978C8.86252 11.8498 10.2011 11.1247 11.6613 10.951Z" fill="url(#paint0_linear_1073_1130)"/>
-<path fill-rule="evenodd" clip-rule="evenodd" d="M32.5253 16.6751C32.5253 18.204 31.9181 19.6701 30.837 20.7512C29.7559 21.8321 28.2898 22.4395 26.7609 22.4395H24.3111C24.2544 22.4395 24.1981 22.4507 24.1456 22.4724C24.0932 22.4941 24.0455 22.5259 24.0053 22.5661C23.9653 22.6063 23.9333 22.6539 23.9117 22.7064C23.89 22.7588 23.8788 22.815 23.8788 22.8717V23.4482C23.8788 23.5629 23.8333 23.6728 23.7522 23.7538C23.6711 23.8349 23.5611 23.8806 23.4464 23.8806H22.8701C22.8133 23.8806 22.757 23.8918 22.7045 23.9135C22.6521 23.9352 22.6045 23.967 22.5643 24.0072C22.5243 24.0473 22.4923 24.095 22.4706 24.1474C22.4489 24.1999 22.4377 24.2561 22.4377 24.3129V24.8893C22.4377 25.004 22.3922 25.1138 22.3111 25.1951C22.2301 25.2761 22.12 25.3217 22.0053 25.3217H21.429C21.3143 25.3217 21.2043 25.3672 21.1232 25.4482C21.0421 25.5293 20.9966 25.6393 20.9966 25.754V26.3304C20.9966 26.445 20.9511 26.5551 20.8701 26.6361C20.789 26.7172 20.6789 26.7627 20.5643 26.7627H19.9879C19.8733 26.7627 19.7632 26.8082 19.6821 26.8893C19.6011 26.9704 19.5556 27.0804 19.5556 27.1951V27.7714C19.5556 27.8861 19.5101 27.9961 19.429 28.0772C19.3479 28.1583 19.2379 28.2038 19.1232 28.2038H15.6646C15.55 28.2038 15.44 28.1583 15.3589 28.0772C15.2778 27.9961 15.2323 27.8861 15.2323 27.7714V24.0593C15.2324 23.9446 15.278 23.8347 15.3591 23.7537L21.1408 17.9721C20.9605 17.1817 20.9492 16.3622 21.1074 15.5671C21.2654 14.772 21.5895 14.0191 22.0583 13.3578C22.5271 12.6964 23.1301 12.1414 23.8281 11.7289C24.5261 11.3164 25.3031 11.0558 26.1085 10.9641C26.914 10.8723 27.7298 10.9514 28.5026 11.1964C29.2754 11.4413 29.9877 11.8465 30.5933 12.3854C31.1989 12.9244 31.6839 13.585 32.0169 14.3242C32.3497 15.0634 32.523 15.8644 32.5253 16.6751ZM28.6487 16.2774C29.0309 16.2774 29.3975 16.1255 29.6677 15.8553C29.938 15.585 30.0898 15.2185 30.0898 14.8363C30.0898 14.4541 29.938 14.0876 29.6677 13.8173C29.3975 13.547 29.0309 13.3952 28.6487 13.3952C28.2665 13.3952 27.9001 13.547 27.6297 13.8173C27.3595 14.0876 27.2077 14.4541 27.2077 14.8363C27.2077 15.2185 27.3595 15.585 27.6297 15.8553C27.9001 16.1255 28.2665 16.2774 28.6487 16.2774Z" fill="url(#paint1_radial_1073_1130)"/>
-<defs>
-<linearGradient id="paint0_linear_1073_1130" x1="19.5555" y1="22.435" x2="19.5555" y2="3.74129" gradientUnits="userSpaceOnUse">
-<stop stop-color="#0078D4"/>
-<stop offset="0.156" stop-color="#1380DA"/>
-<stop offset="0.528" stop-color="#3C91E5"/>
-<stop offset="0.822" stop-color="#559CEC"/>
-<stop offset="1" stop-color="#5EA0EF"/>
-</linearGradient>
-<radialGradient id="paint1_radial_1073_1130" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(22.4075 19.2072) rotate(121.131) scale(13.8778 9.46286)">
-<stop offset="0.266" stop-color="#FFD70F"/>
-<stop offset="0.487" stop-color="#FFCB12"/>
-<stop offset="0.884" stop-color="#FEAC19"/>
-<stop offset="1" stop-color="#FEA11B"/>
-</radialGradient>
-</defs>
-</svg>
diff --git a/windows/security/book/images/microsoft-entra-id.svg b/windows/security/book/images/microsoft-entra-id.svg
index 7a9eff4282..5cb2cfe7be 100644
--- a/windows/security/book/images/microsoft-entra-id.svg
+++ b/windows/security/book/images/microsoft-entra-id.svg
@@ -1,4 +1,4 @@
-<svg width="53" height="32" viewBox="0 0 53 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<svg width="54" height="32" viewBox="0 0 54 32" fill="none" xmlns="http://www.w3.org/2000/svg">
 <path d="M15.5281 26.0077C16.3103 26.4912 17.6105 27.0288 18.9854 27.0288C20.2372 27.0288 21.4004 26.669 22.364 26.0558C22.364 26.0558 22.3661 26.0558 22.3681 26.0537L26.0067 23.7999V31.9379C25.4302 31.9379 24.8497 31.7819 24.3458 31.4702L15.5281 26.0077Z" fill="#225086"/>
 <path d="M23.7177 1.00992L8.76318 17.8619C7.60869 19.1647 7.90977 21.1327 9.40723 22.0669C9.40723 22.0669 14.9424 25.523 15.6403 25.9593C16.414 26.4412 17.7001 26.9772 19.06 26.9772C20.2982 26.9772 21.4487 26.6185 22.4018 26.007C22.4018 26.007 22.4038 26.007 22.4058 26.0051L26.0049 23.7582L17.3033 18.3241L26.0068 8.51563V0C25.1615 0 24.316 0.336642 23.7177 1.00992Z" fill="#66DDFF"/>
 <path d="M17.2561 18.3555L17.3604 18.4193L26.005 23.8002H26.0068V8.52995L26.005 8.52795L17.2561 18.3555Z" fill="#CBF8FF"/>
diff --git a/windows/security/book/images/microsoft-entra-internet-access.svg b/windows/security/book/images/microsoft-entra-internet-access.svg
deleted file mode 100644
index f4a72a686f..0000000000
--- a/windows/security/book/images/microsoft-entra-internet-access.svg
+++ /dev/null
@@ -1,28 +0,0 @@
-<svg width="50" height="32" viewBox="0 0 50 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g clip-path="url(#clip0_1073_1077)">
-<path d="M0.680908 16.9677V16.2229L24.0141 3.15051L49.2215 16.2229V16.9677L25.1434 31.0252L0.680908 16.9677Z" fill="#50E6FF"/>
-<path d="M25.0233 30.2323L49.2215 16.2707L24.0141 3.15051L0.7771 16.1266L25.0233 30.2323Z" fill="#45CAF2"/>
-<path d="M34.2509 22.1342H34.2268C35.5243 20.2599 36.7498 18.3855 38.0957 16.583L39.225 17.5444H39.249V17.5685L41.4598 19.4428C39.7778 19.2506 38.1197 19.1544 36.4376 18.9381L36.2694 19.1544C38.0235 19.3947 39.7057 19.4669 41.4598 19.6832C40.9425 20.2415 40.4986 20.8632 40.1382 21.5335L40.7871 21.1488C41.1028 20.6574 41.4561 20.1914 41.8444 19.7551L42.373 20.2118L42.6615 20.0436L42.0605 19.5148C42.6222 18.9522 43.2159 18.4227 43.8389 17.9289C44.0792 17.7609 44.2714 17.4963 44.1993 17.2321C43.6945 16.1269 42.3249 15.646 41.0753 14.853C40.6668 14.6367 40.2583 14.3966 39.8979 14.1803C40.1382 13.8678 40.3545 13.5796 40.5948 13.2671C41.8204 13.5074 43.3582 13.7478 44.6799 13.8919L44.0792 13.5796C42.9687 13.4362 41.863 13.2598 40.763 13.0508C40.9793 12.7626 41.1956 12.4741 41.4359 12.1857L41.1234 12.0177C40.6427 12.6182 40.0901 13.3633 39.6094 13.9879C38.7686 13.4593 38.1438 13.0267 37.9034 12.4741C37.9034 12.0656 37.9034 11.6571 37.9275 11.2486C38.2879 11.1283 38.6242 11.0082 38.9608 10.8882L38.6242 10.7198C38.3884 10.7892 38.156 10.8695 37.9275 10.9604V10.3594L37.4949 10.1431C37.519 10.4797 37.519 10.7922 37.519 11.1283C37.0624 11.2967 36.5817 11.513 36.1253 11.7052C34.9957 11.237 33.8962 10.6993 32.8331 10.0952H32.785C33.6261 9.73459 34.4912 9.37419 35.3802 9.06191L35.0679 8.89351C34.2035 9.21923 33.346 9.56374 32.4966 9.92682V9.90299C32.1843 9.73459 31.8958 9.54236 31.6076 9.37419C32.384 8.92917 33.2165 8.58976 34.0827 8.36495L33.7462 8.19678C32.891 8.43203 32.0679 8.77096 31.2951 9.20602V9.18197C30.6944 8.82157 30.0696 8.41306 29.4929 8.05266L26.7534 8.58123L25.1915 10.7679L26.9218 11.3927H26.9456C26.8977 13.2911 26.9456 15.2134 26.6333 17.0878C25.2396 16.7996 24.783 16.7033 24.3745 16.6073L24.3023 16.7033C23.4719 17.7007 22.4401 18.5115 21.2746 19.0824C20.7941 19.3226 20.6257 19.3947 20.3375 19.5148C19.4964 17.8807 17.5739 16.5592 16.2524 15.3818C18.3909 14.5648 18.7995 13.7956 19.4243 11.6571C20.6019 8.58123 23.0048 6.03394 25.7922 4.06356L25.4799 3.89539C22.6923 5.84171 20.3134 8.34089 19.0879 11.3689C17.9622 11.3754 16.8528 11.6383 15.8439 12.1378C16.8531 10.5516 17.2616 8.6534 17.4779 6.75496L17.0454 6.9953C16.7329 9.51831 16.0361 11.9694 14.1377 13.6518C14.1377 13.6518 11.8069 11.6569 11.7828 11.6569L10.5814 10.6478L10.2929 10.816L11.158 11.5609C11.2783 11.9934 11.1821 13.8919 10.7014 14.1803L7.26516 12.5222L6.3038 13.051L5.19855 14.4685L4.23742 14.2282L3.92491 14.3966L5.03016 14.6848L3.75674 16.2948C2.87199 16.2031 1.99043 16.0829 1.11344 15.9344L0.7771 16.1266C1.8104 16.3189 2.8916 16.4149 3.97302 16.5592C4.06902 16.4389 5.27072 14.9252 5.41484 14.757L7.6015 15.3335C7.57745 15.7903 7.55339 16.6073 7.52956 17.0637C7.55339 17.1118 7.57745 17.16 7.67367 17.3281C6.56843 17.5925 5.46295 17.8807 4.38153 18.2173L4.69382 18.3855C5.71693 18.0686 6.75096 17.7881 7.79396 17.5444C8.39447 18.6258 9.428 19.9714 10.5332 20.5962C10.77 21.1777 11.0511 21.7401 11.3743 22.2784L12.0232 22.6628C11.6147 21.942 11.158 21.2451 10.8936 20.4762C10.413 19.5148 11.1819 18.6978 11.9989 18.1211L13.9454 18.3133C12.2154 19.2506 12.864 19.7792 13.2725 21.2932C13.4648 22.0621 13.6332 23.0472 13.7292 23.648L14.1858 23.9124C14.1136 23.4076 13.9454 22.3505 13.8013 21.7257C14.6184 22.0621 15.5073 22.3265 16.1562 22.855C16.2765 23.4798 15.8439 24.1287 15.5554 24.7053L15.8679 24.8976C16.2283 24.2247 16.7329 23.5039 16.5406 22.7829C15.7717 22.1102 14.7144 21.8458 13.7292 21.4373C13.2485 19.491 12.5758 19.2747 14.5943 18.3133C14.6184 18.2895 14.6424 18.2654 14.6424 18.2414L16.0602 15.6941C17.4539 16.8956 19.3042 18.2173 20.1453 19.9714C21.659 19.2987 23.5815 18.1933 24.5667 16.9196C25.4799 17.1118 27.5944 17.5685 28.844 17.8088C29.1806 20.8125 22.8367 20.0676 23.99 22.3024C23.3893 22.3024 23.0048 22.3265 22.5242 22.3265L22.4761 22.5668C23.2452 24.0324 23.966 25.5224 24.5667 26.9882C24.9752 27.8774 25.1193 28.6704 24.5908 29.5115C24.4707 29.6075 24.3264 29.6796 24.2063 29.7756L24.687 30.0641C24.7834 29.9336 24.8717 29.797 24.9512 29.6556C28.3636 27.3005 28.3636 24.465 24.7108 22.5428C25.8403 22.5187 26.9697 22.4946 28.1473 22.4706C28.6277 23.576 29.541 25.6665 30.0215 26.796C29.6611 27.1805 29.3247 27.589 28.9643 27.9734C29.2044 27.8293 30.0455 27.3968 30.1898 27.1324L30.2377 27.2286L30.5743 27.0364C29.9976 25.7387 29.1565 23.7442 28.5796 22.4465C31.7036 22.3984 35.5243 22.2784 38.4561 22.4946L38.8165 22.2784C37.9034 22.1821 36.4135 22.1342 34.2509 22.1342ZM15.2431 12.8345C15.2561 13.083 15.2481 13.3322 15.2191 13.5794C15.181 13.8548 15.0999 14.1225 14.9788 14.3728L14.378 13.772L15.2431 12.8345ZM10.7736 14.4685C11.5425 14.1322 11.6866 12.7864 11.6147 11.8972L13.8971 13.844L13.873 13.868C12.2152 15.2617 10.1245 16.0309 7.93762 16.271L7.98573 15.3099C8.49047 15.1896 10.2205 14.7332 10.7734 14.4688L10.7736 14.4685ZM5.55895 14.5407L7.02482 12.6904L10.437 14.3244C9.93251 14.5407 8.44258 14.9492 7.79373 15.1174L5.55895 14.5407ZM11.9991 17.6647C11.254 18.3133 10.0526 19.0103 10.3651 20.1396C9.32991 19.2896 8.49333 18.2234 7.91401 17.0158L7.93807 16.5111C10.1969 16.2708 12.4076 15.4778 14.1377 14.06L14.7865 14.6129C14.258 15.9344 13.0803 16.7755 11.9991 17.6647ZM15.6035 15.6221L14.2339 18.0732L12.2395 17.8807C13.3207 16.9677 14.4742 16.1266 15.0988 14.8771C15.1229 14.8771 15.6998 15.3818 15.6998 15.3818L15.6035 15.6221ZM15.988 15.2136C15.988 15.2136 15.2672 14.5888 15.2431 14.5888C15.4599 13.9976 15.542 13.3655 15.4835 12.7385C15.7958 12.3538 18.0065 11.537 19.0157 11.6333C18.5353 13.3633 18.0065 14.565 15.988 15.2136ZM37.4468 16.8477C36.9718 17.5108 36.4993 18.1756 36.0291 18.8421C35.6687 18.794 35.2601 18.7218 34.8757 18.6739C34.8035 17.977 33.9143 16.7274 33.602 16.0785H33.578V16.0545C32.785 14.757 32.2803 13.7718 34.0106 12.9788C35.2601 14.1082 36.5576 15.2134 37.8553 16.3189C37.7101 16.4879 37.5737 16.6644 37.4468 16.8477ZM39.7057 14.4204C41.0512 15.2856 42.9978 15.9825 43.7667 17.2081C43.8032 17.3108 43.8014 17.4232 43.7617 17.5248C43.722 17.6263 43.6469 17.71 43.5504 17.7607C42.9293 18.2389 42.343 18.7608 41.7963 19.3226L39.8257 17.6166L39.7538 17.5925H39.7778L38.2879 16.2948C38.7686 15.67 39.225 15.0452 39.7057 14.4204ZM36.1012 11.9934C36.5576 11.8012 37.0142 11.5849 37.4709 11.417C37.2546 13.051 38.0475 13.3152 39.3934 14.2765C39.3934 14.2765 38.4561 15.5021 37.9994 16.1026C36.7498 15.0452 35.5005 13.964 34.275 12.8586C34.8757 12.5463 35.4524 12.2819 36.1012 11.9934ZM32.2562 10.3594C32.3093 10.2875 32.3858 10.2365 32.4725 10.2153V10.2393C33.5276 10.8431 34.619 11.3808 35.7406 11.8493C35.1399 12.1137 34.6113 12.3781 34.0587 12.6423C33.3136 11.8734 32.3765 11.2486 32.2562 10.3594ZM31.3192 9.54236C31.6076 9.71076 31.8718 9.87893 32.1602 10.0471H32.1843C31.0548 10.5276 33.1935 12.1857 33.7702 12.7864C33.4747 12.9374 33.1933 13.1144 32.9291 13.3152L29.3247 11.9934C29.9255 11.1045 30.4061 10.2153 31.3192 9.54236ZM26.9218 11.1523L25.6722 10.6719L27.0418 8.77346L29.3488 8.31683C29.5891 8.46117 29.8533 8.62934 30.1177 8.79751C28.9881 9.37419 27.0899 9.71053 26.9218 11.1523ZM26.9696 17.184C27.3303 15.2375 27.2581 13.243 27.3062 11.2726C27.3782 9.83082 29.2766 9.54236 30.3821 8.98974C30.5984 9.11002 30.7906 9.25414 31.0069 9.37419H31.0307C30.0696 10.0471 29.5891 10.9601 28.9643 11.8734C27.8588 13.6277 28.3636 15.574 28.82 17.5685C28.1473 17.4244 27.5225 17.3041 26.9696 17.184ZM28.6999 14.5888C28.6575 13.773 28.8316 12.9606 29.2044 12.2338L32.7369 13.5315C32.0402 14.3004 32.7129 15.3096 33.1454 16.0066H33.1214C33.4098 16.6073 34.3469 17.9529 34.4431 18.6018C32.785 18.2895 30.9106 18.0251 29.2525 17.6166C29.0603 16.6314 28.6759 15.4297 28.6999 14.5888ZM24.9512 23.0232C27.7388 24.441 27.7388 27.1805 25.2396 29.0549C25.8163 27.6611 23.5334 24.0565 22.8845 22.5668C23.2452 22.5668 23.7016 22.5668 24.2304 22.5428C24.4226 22.6869 24.687 22.855 24.9512 23.0232ZM28.4836 22.2062C27.4022 22.2303 25.2637 22.2784 24.4466 22.3024C22.9808 20.428 29.4448 20.9566 29.2285 17.9048C32.2083 18.4817 33.6261 18.7459 35.8609 19.0824C35.1639 20.1158 34.4912 21.125 33.7702 22.1342C32.064 22.1342 30.2137 22.1583 28.4836 22.2062Z" fill="#84ECFD"/>
-<path d="M25.2636 8.55718C26.5182 7.50425 27.9183 6.63818 29.4207 5.98584L27.4743 4.95276C25.1433 6.20235 22.356 7.86045 21.6109 10.5757C21.5752 10.7421 21.5512 10.9107 21.5389 11.0804C21.5149 12.3779 21.9234 13.6994 21.6109 15.0214C21.1304 17.5444 18.3428 18.3855 16.1802 19.0584C15.7484 19.17 15.3465 19.3751 15.0028 19.6591C13.2005 21.9899 25.3837 24.2247 20.8179 27.7812L21.2264 28.0216C25.7681 24.6573 17.5498 22.4706 16.0601 20.2358C16.0842 19.9474 16.4927 19.8754 16.7328 19.7792C21.2505 18.674 24.2782 16.7993 23.5815 11.6812C23.5574 10.4316 24.3744 9.35038 25.2636 8.55718Z" fill="#50E6FF"/>
-<path d="M7.4849 8.06128C7.1544 7.84284 6.7553 7.75306 6.36309 7.80891C6.26986 7.82802 6.17985 7.86036 6.09574 7.90491C5.71968 8.10531 5.48706 8.55399 5.48706 9.20261C5.48706 11.5788 7.47174 12.8747 7.48717 15.3784C7.49171 14.6737 7.65239 14.2489 7.88502 13.9454C8.4676 13.1847 9.48729 13.2149 9.48729 11.5125C9.48275 10.2416 8.58924 8.6981 7.4849 8.06128ZM8.42629 11.4201C8.2697 11.7506 7.90658 11.8355 7.48286 11.5919C7.18517 11.3986 6.9373 11.1377 6.75934 10.8306C6.58137 10.5234 6.47836 10.1787 6.45864 9.82423C6.45864 9.33969 6.71532 9.07007 7.08048 9.10344C7.22278 9.12023 7.35986 9.16698 7.48286 9.24029C7.78051 9.43367 8.02834 9.69453 8.20627 10.0017C8.38417 10.3088 8.48716 10.6536 8.50686 11.008C8.51142 11.1497 8.48387 11.2906 8.42629 11.4201Z" fill="#2195DC"/>
-<path d="M7.48492 9.23958C7.34898 9.15715 7.19701 9.10468 7.03919 9.08571C6.63272 9.05121 6.3479 9.34897 6.3479 9.8882C6.36971 10.282 6.4843 10.6651 6.68229 11.0063C6.88026 11.3474 7.15605 11.637 7.48719 11.8513C7.95902 12.1232 8.36322 12.0274 8.53525 11.6591C8.599 11.5148 8.63016 11.3583 8.62648 11.2007C8.60249 10.8074 8.48677 10.4252 8.28853 10.0847C8.09029 9.74418 7.81507 9.45459 7.48492 9.23958Z" fill="#2195DC"/>
-<path d="M8.02417 7.74992C7.46746 7.42833 6.96522 7.40019 6.60437 7.6108L6.59234 7.61988L6.09668 7.90833C6.18079 7.86378 6.27082 7.83146 6.36403 7.81233C6.75622 7.75736 7.15502 7.8469 7.48607 8.06425C8.59132 8.7013 9.48618 10.2473 9.48618 11.5148C9.48618 13.2169 8.46649 13.1865 7.88391 13.9477C7.59373 14.3668 7.45355 14.8715 7.48607 15.3802L8.02394 15.0693C8.03733 12.5821 10.0243 13.5796 10.0243 11.2039C10.0243 9.93069 9.12874 8.38697 8.02417 7.74992Z" fill="#0078D4"/>
-<path d="M8.42189 12.092L7.9437 11.8158L7.80458 11.2375L7.11102 10.8374L6.97394 11.255L6.4978 10.9808L7.20657 9.15454L7.72629 9.4548L8.42189 12.092ZM7.70472 10.7943L7.49593 9.92209C7.47798 9.85008 7.46695 9.77652 7.46302 9.7024L7.45236 9.69604C7.44782 9.75596 7.43624 9.81519 7.41741 9.87216L7.20453 10.5069L7.70472 10.7943Z" fill="white"/>
-<path d="M39.4437 7.10176C39.1133 6.88355 38.7143 6.79395 38.3224 6.84985C38.2291 6.86893 38.1392 6.90125 38.0552 6.94585C37.6794 7.14556 37.4468 7.59447 37.4468 8.24332C37.4468 10.6184 39.4308 11.9131 39.4458 14.4141C39.4501 13.7101 39.611 13.2846 39.8436 12.9823C40.4257 12.222 41.445 12.2524 41.445 10.551C41.4427 9.28094 40.5467 7.73836 39.4437 7.10176ZM40.3867 10.4556C40.2301 10.7858 39.8674 10.8705 39.4437 10.6272C39.1462 10.4339 38.8986 10.1733 38.7207 9.86631C38.5427 9.55938 38.4399 9.21483 38.4202 8.86063C38.4202 8.37609 38.6766 8.1067 39.0416 8.13983C39.1839 8.15656 39.3209 8.2032 39.4437 8.27668C39.7412 8.46995 39.9888 8.73065 40.1665 9.0376C40.3445 9.34453 40.4473 9.68909 40.467 10.0433C40.472 10.185 40.4446 10.3261 40.3867 10.4556Z" fill="#2195DC"/>
-<path d="M39.4437 8.27937C39.308 8.19676 39.1559 8.14413 38.9982 8.12505C38.5917 8.09032 38.3074 8.38808 38.3074 8.92709C38.3292 9.32069 38.4435 9.70358 38.6414 10.0445C38.8391 10.3855 39.1149 10.6749 39.4458 10.8891C39.9174 11.1605 40.3216 11.065 40.4931 10.6968C40.5569 10.5526 40.588 10.3961 40.5844 10.2384C40.5612 9.84529 40.4459 9.46312 40.2478 9.12281C40.0497 8.7825 39.7742 8.49357 39.4437 8.27937Z" fill="#2195DC"/>
-<path d="M39.9845 6.78879C39.4282 6.46743 38.9271 6.43906 38.5667 6.64967L38.5538 6.65829L38.0583 6.94516C38.1423 6.90068 38.2322 6.86822 38.3255 6.84916C38.7174 6.79433 39.1159 6.88386 39.4466 7.10107C40.5505 7.73767 41.4458 9.28275 41.4458 10.5496C41.4458 12.2508 40.4266 12.2204 39.8444 12.9809C39.5542 13.3998 39.4141 13.9044 39.4466 14.413L39.9854 14.102C39.9988 11.6163 41.9846 12.6137 41.9846 10.2389C41.9814 8.97024 41.0884 7.42539 39.9845 6.78879Z" fill="#0078D4"/>
-<path d="M40.3105 10.4783C40.3105 10.6821 40.2476 10.8063 40.1194 10.8539C40.0284 10.8722 39.9346 10.8708 39.8443 10.8498C39.754 10.8287 39.6693 10.7886 39.5958 10.7321L38.8462 10.2997V8.06494L39.5545 8.47345C39.749 8.57969 39.9192 8.72539 40.0542 8.90125C40.1643 9.04015 40.2261 9.21081 40.2301 9.38784C40.2344 9.43545 40.2272 9.4834 40.209 9.52766C40.1909 9.57189 40.1625 9.61111 40.126 9.64202C40.0858 9.66873 40.04 9.68564 39.9918 9.69136C39.944 9.69706 39.8954 9.69145 39.85 9.67493V9.68128C39.9855 9.77742 40.0981 9.90208 40.1802 10.0464C40.2628 10.1755 40.3078 10.3252 40.3105 10.4783ZM39.7717 9.21558C39.7717 9.05059 39.6653 8.90693 39.4501 8.78301L39.2851 8.68701V9.21717L39.4773 9.32792C39.5073 9.35077 39.5418 9.36689 39.5786 9.37519C39.6153 9.3835 39.6535 9.38377 39.6902 9.37603C39.7458 9.35901 39.7717 9.30477 39.7717 9.21558ZM39.8498 10.2042C39.8489 10.1106 39.8194 10.0196 39.7649 9.94341C39.7032 9.85538 39.6221 9.78257 39.5279 9.73053L39.2878 9.59141V10.1803L39.5245 10.3174C39.5581 10.3424 39.5965 10.3602 39.6373 10.3699C39.678 10.3796 39.7202 10.381 39.7615 10.3739C39.8196 10.3562 39.8498 10.2999 39.8498 10.2042Z" fill="white"/>
-<path d="M17.0959 3.7991L18.5364 2.9621C19.2334 2.55813 20.1632 2.53385 21.2135 2.95144L19.7735 3.78843C18.7227 3.36948 17.7918 3.39376 17.0959 3.7991ZM30.8723 10.1333C30.8532 7.15637 28.6665 3.49861 25.9588 1.93537C24.541 1.11722 23.2513 1.03143 22.3417 1.56L20.9015 2.39677C21.8106 1.86797 23.101 1.95421 24.5181 2.7726C27.2259 4.3347 29.413 7.99337 29.4318 10.9705L29.4223 10.9757C31.3057 12.4262 32.7328 15.0411 32.7269 17.1942C32.7235 18.3493 32.308 19.1618 31.6321 19.5547L33.0825 18.7118C33.7586 18.3192 34.1742 17.5062 34.1773 16.3513C34.1823 14.1986 32.7555 11.5835 30.8723 10.1333Z" fill="#156AB3"/>
-<path d="M29.4857 10.9663C29.468 7.97686 27.2713 4.30185 24.5516 2.73181C22.3508 1.46135 20.4544 1.94975 19.8065 3.75854C17.5388 2.85686 15.8271 4.00591 15.8198 6.58679C15.8117 9.4559 17.9432 13.0147 20.5817 14.5378C20.7229 14.6195 20.8618 14.6937 21.0009 14.7588L28.7386 19.2259C28.8017 19.2629 28.8697 19.2908 28.9405 19.3092C31.0709 20.4367 32.7742 19.5053 32.781 17.1663C32.7851 15.0194 31.3635 12.4124 29.4857 10.9663Z" fill="url(#paint0_linear_1073_1077)"/>
-<path d="M27.2507 10.2729C27.4697 10.9172 27.5857 11.592 27.5946 12.2724C27.5946 14.5021 26.143 15.4633 24.2711 14.6177C24.1399 14.5613 24.0124 14.497 23.8889 14.4252C23.7339 14.3449 23.5923 14.2411 23.4688 14.1177H23.4307C21.5588 12.7719 20.1453 10.1574 20.1453 7.96597C20.1311 7.39154 20.2625 6.82282 20.5273 6.31286C21.062 5.39008 22.0937 5.08234 23.2777 5.54373C23.3492 5.54509 23.4175 5.57233 23.47 5.62089C23.5848 5.6976 23.7375 5.77454 23.8521 5.85147C23.9579 5.93 24.0734 5.99445 24.1957 6.0437C24.2722 6.08228 24.3104 6.12064 24.388 6.15899C25.7047 7.1827 26.6879 8.57442 27.2126 10.1576L27.2507 10.1962V10.2729ZM23.698 11.3879V8.54288L22.0937 7.6201C21.9964 8.0752 21.9452 8.53893 21.9407 9.00427C21.9553 9.50901 22.0197 10.0112 22.133 10.5035L23.698 11.3879ZM24.08 8.73488V11.5802L25.5697 12.426C25.6925 12.0141 25.7572 11.587 25.7622 11.1573C25.7699 10.6278 25.7186 10.0991 25.6092 9.58095L24.08 8.73488ZM24.8441 14.4252C25.2138 14.5278 25.6069 14.5085 25.9648 14.3699C26.3227 14.2314 26.6264 13.9811 26.8306 13.6563L25.7991 13.0413C25.621 13.5852 25.2894 14.0657 24.8441 14.4252ZM26.9827 13.3104C27.1429 12.9204 27.2208 12.5015 27.2119 12.0799C27.2165 11.5303 27.1261 10.984 26.9446 10.4651L25.9133 9.85011C26.0039 10.3709 26.0549 10.8978 26.066 11.4263C26.064 11.8564 25.9993 12.2838 25.8738 12.6952L26.9827 13.3104ZM20.4892 8.1582C20.4905 8.66657 20.5677 9.17221 20.7184 9.65766L21.7496 10.2729C21.6291 9.79571 21.5776 9.30366 21.5969 8.81181C21.5845 8.3457 21.6359 7.88007 21.7496 7.42787L20.7565 6.85096C20.5795 7.26401 20.4885 7.70881 20.4892 8.1582ZM20.8711 10.1962C21.2664 11.3305 21.9204 12.3571 22.7812 13.1949C22.3842 12.4251 22.0766 11.6124 21.8643 10.7727L20.8711 10.1962ZM23.698 13.8871V11.811L22.2464 10.9649C22.5519 12.0799 23.0104 13.1566 23.5072 13.7718C23.5834 13.8102 23.6218 13.8485 23.698 13.8871ZM23.698 8.11984V6.12041C23.5986 6.07563 23.4965 6.03714 23.3923 6.00512C23.0104 5.96654 22.5136 6.38957 22.2083 7.27377L23.698 8.11984ZM26.7925 9.92682C26.4217 8.92418 25.8493 8.00823 25.1104 7.23564C25.4453 7.92221 25.7016 8.64451 25.8743 9.38872L26.7925 9.92682ZM24.1563 14.1563C24.653 14.1177 25.1115 13.5796 25.417 12.8105L24.08 12.0415V14.1177C24.1004 14.1386 24.1274 14.1522 24.1563 14.1563ZM24.08 6.35145V8.3123L25.4934 9.15791C25.188 7.88926 24.6912 6.88955 24.3092 6.50486C24.2327 6.46651 24.1563 6.3898 24.08 6.35145ZM22.5519 5.77454C21.8643 5.73596 21.2912 5.96677 20.9474 6.50509L21.8273 7.04342C21.9694 6.57097 22.2172 6.13707 22.5519 5.77454Z" fill="#50E6FF"/>
-</g>
-<defs>
-<linearGradient id="paint0_linear_1073_1077" x1="23.3249" y1="3.8559" x2="25.0804" y2="18.3505" gradientUnits="userSpaceOnUse">
-<stop stop-color="#2195DC"/>
-<stop offset="1" stop-color="#156AB3"/>
-</linearGradient>
-<clipPath id="clip0_1073_1077">
-<rect width="49.9291" height="32" fill="white"/>
-</clipPath>
-</defs>
-</svg>
diff --git a/windows/security/book/images/microsoft-entra-private-access.svg b/windows/security/book/images/microsoft-entra-private-access.svg
deleted file mode 100644
index e28e5fff69..0000000000
--- a/windows/security/book/images/microsoft-entra-private-access.svg
+++ /dev/null
@@ -1,49 +0,0 @@
-<svg width="46" height="32" viewBox="0 0 46 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-<g clip-path="url(#clip0_1073_1049)">
-<mask id="mask0_1073_1049" style="mask-type:luminance" maskUnits="userSpaceOnUse" x="0" y="0" width="46" height="32">
-<path d="M45.4194 0H0V32H45.4194V0Z" fill="white"/>
-</mask>
-<g mask="url(#mask0_1073_1049)">
-<path d="M35.3276 10.4997L37.209 9.41296L37.1583 27.4758L35.2769 28.5624L35.3276 10.4997Z" fill="#D9D9D9"/>
-<path d="M31.147 18.0385V18.8864L25.3242 15.5511V14.7033L31.147 18.0385ZM31.147 20.0755V20.9234L25.3242 17.5882V16.7403L31.147 20.0755ZM31.8252 16.4556V17.3037L25.3242 13.5162V12.6678L31.8252 16.4556Z" fill="#E2E2E2"/>
-<path d="M35.6387 10.3205L35.9533 10.1388L35.9015 28.2008L35.5879 28.3825L35.6387 10.3205Z" fill="#C8C8C8"/>
-<path d="M36.2669 9.95719L36.5808 9.77551L36.53 27.8384L36.2153 28.0201L36.2669 9.95719Z" fill="#C8C8C8"/>
-<path d="M36.8954 9.59488L37.2092 9.41321L37.1584 27.475L36.8438 27.6567L36.8954 9.59488Z" fill="#C8C8C8"/>
-<path d="M33.0426 9.91029L33.6692 9.54858L33.6603 12.6827L33.0337 13.0444L33.0426 9.91049V9.91029Z" fill="#2195DC"/>
-<path d="M30.6233 8.52049L31.2507 8.15796L33.6693 9.54862L33.0429 9.91032L30.6233 8.52049Z" fill="#32B0E7"/>
-<path d="M16.8047 12.1751L18.1858 11.3724L20.4783 12.6964L19.0977 13.4983L16.8047 12.1751Z" fill="#0078D4"/>
-<path d="M19.9048 12.6414L21.2861 11.8394L23.5792 13.1631L22.1978 13.9652L19.9048 12.6414Z" fill="#0078D4"/>
-<path d="M22.9854 20.186L24.3667 19.3835L26.6592 20.7073L25.2784 21.51L22.9854 20.186Z" fill="#0078D4"/>
-<path d="M34.3124 18.209L34.2711 29.5845C34.2711 30.4723 33.6517 30.8232 32.8878 30.369L14.1008 19.5303C13.7017 19.2661 13.3696 18.9127 13.1304 18.4981C12.8914 18.081 12.7503 17.6151 12.7175 17.1355L12.7588 5.76001L34.3124 18.209Z" fill="#FBFBFB"/>
-<path d="M33.8789 30.4516L34.7254 29.9561C34.9731 29.8116 35.1176 29.5019 35.1176 29.0684L34.2712 29.5638C34.2712 30.018 34.106 30.3071 33.8789 30.4516Z" fill="#DCDCDC"/>
-<path d="M34.3123 18.2091L34.271 29.5846L35.1174 29.0891L35.1587 17.7136L34.3123 18.2091Z" fill="#DCDCDC"/>
-<path d="M32.929 13.1922C33.3281 13.4565 33.6603 13.8099 33.8993 14.2245C34.1384 14.6416 34.2794 15.1075 34.3122 15.5871V18.2916L12.738 5.84256V3.13804C12.738 2.2503 13.3574 1.89933 14.1213 2.33288L32.929 13.1922Z" fill="#F0F0F0"/>
-<path d="M34.7665 13.7084C34.5212 13.2984 34.1903 12.9462 33.7961 12.6761L15.009 1.83744C14.6168 1.61034 14.2658 1.5897 14.0181 1.73422L13.1716 2.22969C13.4194 2.08517 13.7703 2.10582 14.1626 2.33292L32.9497 13.1716C33.3488 13.4359 33.6809 13.7893 33.92 14.2039C34.1591 14.621 34.3001 15.0869 34.3329 15.5665V18.271L35.1794 17.7755V15.071C35.1368 14.5933 34.9962 14.1294 34.7665 13.7084Z" fill="#D2D2D2"/>
-<path d="M21.6156 13.8323C21.744 13.9157 21.8503 14.0291 21.9253 14.1626C22.0008 14.2964 22.05 14.4438 22.0698 14.5962C22.0698 14.9059 21.8633 14.9884 21.6156 14.8646L16.1446 11.7059C16.0095 11.6152 15.8966 11.4953 15.8143 11.3549C15.7327 11.2175 15.6899 11.0605 15.6904 10.9007C15.6904 10.591 15.8969 10.5084 16.1446 10.653L21.6156 13.8323ZM26.0543 15.4839L26.4259 16.1446L24.1756 17.4246L23.2466 15.8142L23.6182 15.5872L24.1756 16.5575L26.0543 15.4839Z" fill="#50E6FF"/>
-<path d="M21.5949 20.1084C21.7233 20.1918 21.8296 20.3052 21.9045 20.4388C21.9801 20.5725 22.0292 20.7197 22.0491 20.8723C22.0491 21.182 21.8426 21.2646 21.5949 21.1407L16.1239 17.982C15.9888 17.8914 15.8758 17.7714 15.7936 17.631C15.712 17.4936 15.6691 17.3366 15.6697 17.1768C15.6697 16.8671 15.8761 16.7846 16.1239 16.9291L21.5949 20.1084ZM26.0336 21.8426L26.4052 22.5033L24.1549 23.7833L23.2258 22.173L23.5974 21.9459L24.1549 22.9162L26.0336 21.8426Z" fill="#32B0E7"/>
-<path d="M21.6156 16.9497C21.744 17.0331 21.8503 17.1465 21.9253 17.2801C21.9948 17.4165 22.0436 17.5627 22.0698 17.7136C22.0698 18.0233 21.8633 18.1059 21.6156 17.982L16.1446 14.8233C16.0095 14.7327 15.8966 14.6127 15.8143 14.4723C15.7327 14.3349 15.6899 14.1779 15.6904 14.0181C15.6904 13.7085 15.8969 13.6259 16.1446 13.7704L21.6156 16.9497ZM26.0543 18.5807L26.4259 19.2414L24.1756 20.5214L23.2053 18.911L23.5769 18.6839L24.155 19.6543L26.0543 18.5807Z" fill="#45CAF2"/>
-<path d="M15.9382 25.2491C15.8236 24.2519 15.4384 23.3053 14.8243 22.5113C14.2102 21.7175 13.3906 21.1068 12.4543 20.7455C11.518 20.384 10.5006 20.2857 9.51243 20.4611C8.52423 20.6365 7.60286 21.0789 6.84809 21.7404C5.83685 22.6269 5.18537 23.853 5.01687 25.1871C4.97161 25.3833 4.95768 25.5854 4.97558 25.7858C5.03751 26.5497 5.59493 27.2929 6.5859 27.8916C8.75364 29.1304 12.222 29.1304 14.3691 27.8916C15.3601 27.3136 15.8969 26.5497 15.9588 25.8065C15.9734 25.6205 15.9665 25.4334 15.9382 25.2491Z" fill="url(#paint0_linear_1073_1049)"/>
-<path d="M10.4672 19.7987C11.1217 19.8016 11.762 19.6074 12.3046 19.2413C12.8471 18.8789 13.27 18.3639 13.5199 17.7613C13.7697 17.1586 13.8354 16.4954 13.7085 15.8555C13.5833 15.2125 13.2667 14.6224 12.8001 14.1626C12.3322 13.7069 11.7455 13.3921 11.1072 13.2542C10.4695 13.1287 9.80905 13.1933 9.20782 13.44C8.60606 13.6956 8.09019 14.1183 7.72137 14.6581C7.35254 15.1994 7.15804 15.8405 7.16395 16.4955C7.16232 16.9276 7.24653 17.3556 7.41169 17.7549C7.58148 18.1557 7.8268 18.5202 8.13427 18.8284C8.43881 19.1403 8.80423 19.3863 9.20782 19.551C9.60706 19.7162 10.0351 19.8004 10.4672 19.7987Z" fill="url(#paint1_linear_1073_1049)"/>
-<path d="M36.5283 20.538C36.6109 20.4968 36.6109 20.3316 36.5283 20.1664L36.0741 19.3613C35.9915 19.2168 35.9709 19.0516 36.0535 18.969L36.5489 18.68C36.6315 18.6387 36.6315 18.4735 36.5489 18.3084L35.9089 17.1935V16.9251L34.7735 17.5858V17.8542L35.4135 18.969C35.4517 19.0187 35.4742 19.0787 35.4779 19.1413C35.4816 19.2039 35.4663 19.2662 35.4341 19.32L34.9386 19.609C34.8354 19.6709 34.8354 19.8361 34.9386 20.0013L35.4135 20.8064C35.4517 20.8562 35.4742 20.9161 35.4779 20.9788C35.4816 21.0414 35.4663 21.1035 35.4341 21.1574L34.9593 21.4464C34.856 21.5084 34.856 21.6735 34.9593 21.8387L35.4341 22.6438C35.5167 22.7884 35.5167 22.9535 35.4341 23.0155L36.5696 22.3548C36.6522 22.3135 36.6522 22.1484 36.5696 21.9832L36.0948 21.178C36.0122 21.0129 35.9915 20.8477 36.0741 20.7858L36.5283 20.538ZM38.7718 12.4904L35.7989 7.32906C35.5117 6.79786 35.092 6.34984 34.5808 6.02842C34.1473 5.76003 33.6931 5.71874 33.3628 5.90454L32.2273 6.56519C32.5576 6.37938 33.0118 6.44132 33.4454 6.68906C33.9611 7.00497 34.382 7.45436 34.6634 7.98971L37.6363 13.151C38.3176 14.3278 38.3176 15.5871 37.6363 15.9794L38.7718 15.3187C39.4531 14.9265 39.4531 13.6465 38.7718 12.4904ZM33.5486 10.4258L33.6105 10.4465L33.6518 10.4671C33.6725 10.4671 33.6931 10.4878 33.7137 10.4878H34.0234C34.0441 10.4878 34.0441 10.4878 34.0647 10.4671C34.0854 10.4671 34.0854 10.4671 34.106 10.4465C34.1266 10.4465 34.1266 10.4258 34.1473 10.4258C34.2487 10.355 34.329 10.2582 34.3798 10.1456C34.4305 10.0329 34.4502 9.90865 34.4363 9.78584C34.4396 9.71639 34.4328 9.64681 34.4157 9.57938C33.985 9.23413 33.6981 8.74115 33.6105 8.19616C33.5604 8.15448 33.5048 8.11975 33.4454 8.09293C33.1563 7.92777 32.7744 7.89556 32.6092 8.01944L32.5886 8.04008C32.5832 8.04008 32.5778 8.04225 32.5739 8.04613C32.5702 8.04999 32.5679 8.05525 32.5679 8.06073L32.5473 8.08137C32.5473 8.10202 32.5266 8.10202 32.5266 8.12266L32.506 8.14331C32.506 8.16395 32.4854 8.16395 32.4854 8.1846C32.4854 8.20524 32.4647 8.20524 32.4647 8.22589C32.4624 8.24152 32.4552 8.25599 32.4441 8.26718C32.4441 8.28782 32.4234 8.28782 32.4234 8.30847C32.4234 8.32911 32.4028 8.34976 32.4028 8.3704V8.41169C32.4036 8.4406 32.3966 8.46919 32.3821 8.49427V8.61814C32.3943 8.97896 32.4823 9.33319 32.6402 9.65783C32.8132 9.951 33.5486 10.4258 33.5486 10.4258Z" fill="#32B0E7"/>
-<path d="M37.6361 15.9588L34.7871 17.5897V17.8581L35.4271 18.9729C35.5096 19.1175 35.5096 19.2826 35.4271 19.3446L34.9522 19.6129C34.849 19.6749 34.849 19.84 34.9522 20.0052L35.4271 20.8103C35.5096 20.9549 35.5096 21.12 35.4271 21.182L34.9522 21.4503C34.849 21.5123 34.849 21.6774 34.9522 21.8426L35.4271 22.6478C35.5096 22.7923 35.5096 22.9574 35.4271 23.0194L34.7664 23.391L33.6516 24.031C33.6053 24.0479 33.5562 24.0549 33.5071 24.0516C33.4567 24.0475 33.4076 24.0335 33.3625 24.0103C33.248 23.941 33.1549 23.8409 33.0942 23.7213L31.9587 21.76C31.8542 21.585 31.7972 21.3857 31.7935 21.182L31.8142 15.8555C31.8076 15.6875 31.7578 15.524 31.6696 15.3807L29.1922 11.0865C28.5109 9.90972 28.5316 8.65037 29.1922 8.25811L32.2064 6.54456C32.5367 6.35875 32.9909 6.42069 33.4245 6.66843C33.9402 6.98434 34.3612 7.43371 34.6425 7.96908L37.6154 13.1304C38.3174 14.3071 38.3174 15.5871 37.6361 15.9588ZM33.4245 8.09295C32.8877 7.78327 32.4335 8.03101 32.4335 8.65037C32.4566 8.99122 32.5553 9.32278 32.7225 9.62069C32.8956 9.91404 33.1363 10.1618 33.4245 10.3433C33.9613 10.6529 34.4154 10.4052 34.4154 9.78585C34.3923 9.44496 34.2936 9.11348 34.1264 8.81553C33.9534 8.52216 33.7127 8.2744 33.4245 8.09295ZM31.2774 12.3871L35.6542 14.9265C35.7987 15.0091 35.9225 14.9471 35.9225 14.782V14.72C35.924 14.6241 35.8951 14.5302 35.84 14.4517C35.7956 14.3689 35.7318 14.2981 35.6542 14.2452L31.2774 11.7059C31.1329 11.6233 31.009 11.6852 31.009 11.8504V11.9123C31.0076 12.0083 31.0365 12.1022 31.0916 12.1807C31.1484 12.254 31.2105 12.3231 31.2774 12.3871ZM31.0296 10.7768V10.8388C31.0282 10.9348 31.0571 11.0287 31.1122 11.1071C31.163 11.1852 31.2256 11.255 31.298 11.3136L35.6748 13.8323C35.8193 13.9149 35.9432 13.8529 35.9432 13.6878V13.6259C35.9446 13.5299 35.9157 13.436 35.8606 13.3575C35.8162 13.2747 35.7524 13.2038 35.6748 13.151L31.298 10.6117C31.1535 10.5497 31.0296 10.6117 31.0296 10.7768ZM32.9703 21.8013L32.9909 17.4865C32.988 17.3879 32.9517 17.2932 32.8877 17.2181C32.8617 17.1687 32.8171 17.1316 32.7638 17.1149C32.6606 17.0529 32.5574 17.0942 32.5574 17.2388L32.5367 21.5536C32.5351 21.6337 32.5566 21.7125 32.5987 21.7807C32.6301 21.8432 32.6806 21.8938 32.7432 21.9252C32.8671 22.0078 32.9703 21.9665 32.9703 21.8013Z" fill="url(#paint2_linear_1073_1049)"/>
-<path d="M31.2775 12.3871L35.6542 14.9264C35.7988 15.009 35.9226 14.9471 35.9226 14.7819V14.72C35.9241 14.624 35.8952 14.5301 35.8401 14.4516C35.7957 14.3688 35.7319 14.298 35.6542 14.2451L31.2775 11.7058C31.133 11.6232 31.0091 11.6851 31.0091 11.8503V11.9122C31.0076 12.0082 31.0365 12.1022 31.0917 12.1806C31.1484 12.2539 31.2106 12.3231 31.2775 12.3871ZM31.0297 10.7767V10.8387C31.0283 10.9347 31.0572 11.0286 31.1123 11.1071C31.1567 11.1898 31.2205 11.2607 31.2981 11.3135L35.6749 13.8322C35.8194 13.9148 35.9433 13.8529 35.9433 13.6877V13.6258C35.9447 13.5298 35.9158 13.4359 35.8607 13.3574C35.8163 13.2746 35.7525 13.2038 35.6749 13.1509L31.2981 10.6116C31.1536 10.5496 31.0297 10.6116 31.0297 10.7767ZM32.9704 21.8012L32.991 17.4864C32.9881 17.3878 32.9516 17.2932 32.8878 17.218C32.8465 17.1767 32.8259 17.1354 32.7639 17.1148C32.6607 17.0529 32.5575 17.0942 32.5575 17.2387L32.5368 21.5535C32.5352 21.6336 32.5566 21.7125 32.5988 21.7806C32.6301 21.8432 32.6807 21.8937 32.7433 21.9251C32.8672 22.0077 32.9704 21.9664 32.9704 21.8012Z" fill="#ACF3FD"/>
-</g>
-</g>
-<defs>
-<linearGradient id="paint0_linear_1073_1049" x1="10.4637" y1="20.3807" x2="10.4637" y2="28.819" gradientUnits="userSpaceOnUse">
-<stop stop-color="#4DC2EB"/>
-<stop offset="1" stop-color="#0078D4"/>
-</linearGradient>
-<linearGradient id="paint1_linear_1073_1049" x1="10.4649" y1="13.1929" x2="10.4649" y2="19.8" gradientUnits="userSpaceOnUse">
-<stop stop-color="#4DC2EB"/>
-<stop offset="1" stop-color="#0078D4"/>
-</linearGradient>
-<linearGradient id="paint2_linear_1073_1049" x1="33.4168" y1="1.05211" x2="33.4168" y2="25.6826" gradientUnits="userSpaceOnUse">
-<stop offset="0.09" stop-color="#50E6FF"/>
-<stop offset="1" stop-color="#45CAF2"/>
-</linearGradient>
-<clipPath id="clip0_1073_1049">
-<rect width="45.4194" height="32" fill="white"/>
-</clipPath>
-</defs>
-</svg>
diff --git a/windows/security/book/images/microsoft-intune.svg b/windows/security/book/images/microsoft-intune.svg
index 4651f1db01..714722c739 100644
--- a/windows/security/book/images/microsoft-intune.svg
+++ b/windows/security/book/images/microsoft-intune.svg
@@ -1,21 +1,21 @@
-<svg width="57" height="32" viewBox="0 0 57 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M40.9807 0.0206299H11.871C11.3009 0.0206299 10.8387 0.482788 10.8387 1.05289V19.7574C10.8387 20.3275 11.3009 20.7897 11.871 20.7897H40.9807C41.5507 20.7897 42.0129 20.3275 42.0129 19.7574V1.05289C42.0129 0.482788 41.5507 0.0206299 40.9807 0.0206299Z" fill="url(#paint0_linear_1073_1098)"/>
-<path d="M39.7006 1.75488H13.1509C12.8317 1.75488 12.5729 2.01369 12.5729 2.33295V18.4981C12.5729 18.8174 12.8317 19.0762 13.1509 19.0762H39.7006C40.0198 19.0762 40.2787 18.8174 40.2787 18.4981V2.33295C40.2787 2.01369 40.0198 1.75488 39.7006 1.75488Z" fill="white"/>
-<path d="M32.6813 27.0865C29.5845 26.6117 29.4606 24.382 29.4813 20.8929H23.2877C23.2877 24.4852 23.1638 26.7149 20.0877 27.0865C19.6697 27.1495 19.2873 27.358 19.0078 27.6751C18.7284 27.9926 18.5698 28.398 18.5599 28.8207H34.1264C34.1164 28.4109 33.9682 28.0168 33.7058 27.702C33.4436 27.3871 33.0823 27.1701 32.6813 27.0865Z" fill="url(#paint1_linear_1073_1098)"/>
-<path d="M45.2542 9.62062H31.0504C30.815 8.46209 30.1575 7.43231 29.206 6.73102C28.2542 6.02971 27.0759 5.70692 25.8997 5.82522C24.7233 5.94351 23.6329 6.49448 22.8399 7.37126C22.0469 8.24803 21.6078 9.38811 21.6078 10.5703C21.6078 11.7525 22.0469 12.8926 22.8399 13.7693C23.6329 14.6461 24.7233 15.1971 25.8997 15.3154C27.0759 15.4337 28.2542 15.1109 29.206 14.4096C30.1575 13.7083 30.815 12.6785 31.0504 11.52H32.5162V31.298C32.5162 31.4787 32.5879 31.6521 32.7157 31.7799C32.8434 31.9076 33.0168 31.9793 33.1975 31.9793H45.2336C45.4142 31.9793 45.5877 31.9076 45.7154 31.7799C45.8431 31.6521 45.9149 31.4787 45.9149 31.298V10.3019C45.9149 10.1248 45.846 9.95451 45.7226 9.82733C45.5993 9.70013 45.4313 9.62599 45.2542 9.62062Z" fill="#32BEDD"/>
-<path d="M44.4284 11.4994H34.0439C33.9071 11.4994 33.7961 11.6103 33.7961 11.7471V29.2129C33.7961 29.3497 33.9071 29.4607 34.0439 29.4607H44.4284C44.5652 29.4607 44.6761 29.3497 44.6761 29.2129V11.7471C44.6761 11.6103 44.5652 11.4994 44.4284 11.4994Z" fill="white"/>
-<path opacity="0.9" d="M26.4258 13.6671C28.0906 13.6671 29.44 12.3176 29.44 10.6529C29.44 8.98817 28.0906 7.63867 26.4258 7.63867C24.7611 7.63867 23.4116 8.98817 23.4116 10.6529C23.4116 12.3176 24.7611 13.6671 26.4258 13.6671Z" fill="url(#paint2_linear_1073_1098)"/>
-<path d="M40.5264 19.7575L38.2142 17.4452C38.1956 17.4285 38.1726 17.4177 38.1479 17.4144C38.1231 17.411 38.098 17.4151 38.0756 17.4263C38.0534 17.4374 38.0348 17.4551 38.023 17.4769C38.0108 17.4987 38.0054 17.5236 38.0077 17.5484V18.9523C38.0077 18.9852 37.9946 19.0167 37.9713 19.0399C37.9481 19.0631 37.9166 19.0762 37.8839 19.0762H32.5161V20.7897H37.8839C37.9166 20.7897 37.9481 20.8028 37.9713 20.826C37.9946 20.8492 38.0077 20.8808 38.0077 20.9136V22.3381C38.0191 22.3552 38.0343 22.3691 38.0524 22.3788C38.0704 22.3885 38.0906 22.3935 38.1109 22.3935C38.1313 22.3935 38.1515 22.3885 38.1695 22.3788C38.1876 22.3691 38.2028 22.3552 38.2142 22.3381L40.5264 20.1291C40.5528 20.1058 40.5739 20.0772 40.5884 20.0452C40.6028 20.0132 40.6103 19.9784 40.6103 19.9433C40.6103 19.9081 40.6028 19.8734 40.5884 19.8413C40.5739 19.8093 40.5528 19.7807 40.5264 19.7575Z" fill="#0078D4"/>
+<svg width="54" height="32" viewBox="0 0 54 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M39.9806 0.0206299H10.8709C10.3008 0.0206299 9.83862 0.482788 9.83862 1.05289V19.7574C9.83862 20.3275 10.3008 20.7897 10.8709 20.7897H39.9806C40.5506 20.7897 41.0128 20.3275 41.0128 19.7574V1.05289C41.0128 0.482788 40.5506 0.0206299 39.9806 0.0206299Z" fill="url(#paint0_linear_1073_1098)"/>
+<path d="M38.7007 1.75488H12.1511C11.8318 1.75488 11.573 2.01369 11.573 2.33295V18.4981C11.573 18.8174 11.8318 19.0762 12.1511 19.0762H38.7007C39.02 19.0762 39.2788 18.8174 39.2788 18.4981V2.33295C39.2788 2.01369 39.02 1.75488 38.7007 1.75488Z" fill="white"/>
+<path d="M31.6814 27.0865C28.5846 26.6117 28.4607 24.382 28.4814 20.8929H22.2878C22.2878 24.4852 22.1639 26.7149 19.0878 27.0865C18.6698 27.1495 18.2874 27.358 18.008 27.6751C17.7285 27.9926 17.5699 28.398 17.5601 28.8207H33.1265C33.1165 28.4109 32.9683 28.0168 32.7059 27.702C32.4437 27.3871 32.0824 27.1701 31.6814 27.0865Z" fill="url(#paint1_linear_1073_1098)"/>
+<path d="M44.2541 9.62062H30.0502C29.8149 8.4621 29.1573 7.43231 28.2059 6.73102C27.2541 6.02971 26.0758 5.70692 24.8995 5.82522C23.7232 5.94351 22.6328 6.49448 21.8398 7.37126C21.0468 8.24803 20.6077 9.38811 20.6077 10.5703C20.6077 11.7525 21.0468 12.8926 21.8398 13.7693C22.6328 14.6461 23.7232 15.1971 24.8995 15.3154C26.0758 15.4337 27.2541 15.1109 28.2059 14.4096C29.1573 13.7083 29.8149 12.6785 30.0502 11.52H31.5161V31.298C31.5161 31.4787 31.5878 31.6521 31.7155 31.7799C31.8433 31.9076 32.0167 31.9793 32.1973 31.9793H44.2335C44.4141 31.9793 44.5875 31.9076 44.7153 31.7799C44.843 31.6521 44.9148 31.4787 44.9148 31.298V10.3019C44.9148 10.1248 44.8459 9.95451 44.7225 9.82733C44.5991 9.70013 44.4311 9.62599 44.2541 9.62062Z" fill="#32BEDD"/>
+<path d="M43.4284 11.4994H33.0439C32.9071 11.4994 32.7961 11.6103 32.7961 11.7471V29.2129C32.7961 29.3497 32.9071 29.4607 33.0439 29.4607H43.4284C43.5652 29.4607 43.6761 29.3497 43.6761 29.2129V11.7471C43.6761 11.6103 43.5652 11.4994 43.4284 11.4994Z" fill="white"/>
+<path opacity="0.9" d="M25.4258 13.6671C27.0906 13.6671 28.44 12.3176 28.44 10.6529C28.44 8.98817 27.0906 7.63867 25.4258 7.63867C23.7611 7.63867 22.4116 8.98817 22.4116 10.6529C22.4116 12.3176 23.7611 13.6671 25.4258 13.6671Z" fill="url(#paint2_linear_1073_1098)"/>
+<path d="M39.5264 19.7575L37.2142 17.4452C37.1956 17.4285 37.1726 17.4177 37.1479 17.4144C37.1231 17.411 37.098 17.4151 37.0756 17.4263C37.0534 17.4374 37.0348 17.4551 37.023 17.4769C37.0108 17.4987 37.0054 17.5236 37.0077 17.5484V18.9523C37.0077 18.9852 36.9946 19.0167 36.9713 19.0399C36.9481 19.0631 36.9166 19.0762 36.8839 19.0762H31.5161V20.7897H36.8839C36.9166 20.7897 36.9481 20.8028 36.9713 20.826C36.9946 20.8492 37.0077 20.8808 37.0077 20.9136V22.3381C37.0191 22.3552 37.0343 22.3691 37.0524 22.3788C37.0704 22.3885 37.0906 22.3935 37.1109 22.3935C37.1313 22.3935 37.1515 22.3885 37.1695 22.3788C37.1876 22.3691 37.2028 22.3552 37.2142 22.3381L39.5264 20.1291C39.5528 20.1058 39.5739 20.0772 39.5884 20.0452C39.6028 20.0132 39.6103 19.9784 39.6103 19.9433C39.6103 19.9081 39.6028 19.8734 39.5884 19.8413C39.5739 19.8093 39.5528 19.7807 39.5264 19.7575Z" fill="#0078D4"/>
 <defs>
-<linearGradient id="paint0_linear_1073_1098" x1="26.4258" y1="20.7897" x2="26.4258" y2="0.0206299" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint0_linear_1073_1098" x1="25.4257" y1="20.7897" x2="25.4257" y2="0.0206299" gradientUnits="userSpaceOnUse">
 <stop stop-color="#0078D4"/>
 <stop offset="0.82" stop-color="#5EA0EF"/>
 </linearGradient>
-<linearGradient id="paint1_linear_1073_1098" x1="26.4258" y1="28.8207" x2="26.4258" y2="20.7897" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint1_linear_1073_1098" x1="25.4259" y1="28.8207" x2="25.4259" y2="20.7897" gradientUnits="userSpaceOnUse">
 <stop stop-color="#1490DF"/>
 <stop offset="0.98" stop-color="#1F56A3"/>
 </linearGradient>
-<linearGradient id="paint2_linear_1073_1098" x1="26.4258" y1="13.6671" x2="26.4258" y2="7.61803" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint2_linear_1073_1098" x1="25.4258" y1="13.6671" x2="25.4258" y2="7.61803" gradientUnits="userSpaceOnUse">
 <stop stop-color="#D2EBFF"/>
 <stop offset="1" stop-color="#F0FFFD"/>
 </linearGradient>
diff --git a/windows/security/book/images/onedrive.svg b/windows/security/book/images/onedrive.svg
index 2f9f35ede0..6f9ac42e61 100644
--- a/windows/security/book/images/onedrive.svg
+++ b/windows/security/book/images/onedrive.svg
@@ -1,24 +1,29 @@
-<svg width="60" height="32" viewBox="0 0 60 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M25.1525 9.93401L33.428 14.8853L38.3601 12.8133C39.3326 12.3938 40.4067 12.1586 41.5316 12.1586C41.716 12.1586 41.8939 12.165 42.0721 12.1777C40.7118 6.85775 35.8877 2.92346 30.1418 2.92346C25.839 2.92346 22.0572 5.12894 19.858 8.46581C19.9025 8.46581 19.9407 8.46581 19.9851 8.46581C21.8856 8.46581 23.6589 9.00606 25.1589 9.93401H25.1525Z" fill="url(#paint0_linear_1073_1093)"/>
-<path d="M25.1525 9.93405C23.6461 9.00608 21.8792 8.46582 19.9788 8.46582C19.9343 8.46582 19.8961 8.46582 19.8516 8.46582C14.4681 8.53573 10.1271 12.915 10.1271 18.3175C10.1271 20.415 10.7817 22.3536 11.894 23.9489L19.1906 20.879L22.4322 19.5124L29.6526 16.4743L33.4215 14.8853L25.1461 9.9277L25.1525 9.93405Z" fill="url(#paint1_linear_1073_1093)"/>
-<path d="M42.0722 12.1776C41.894 12.1649 41.7161 12.1586 41.5317 12.1586C40.4068 12.1586 39.3326 12.3937 38.3602 12.8132L33.4281 14.8853L34.8581 15.7433L39.5423 18.5526L41.5889 19.7793L48.5806 23.9679C49.1908 22.8365 49.5404 21.5463 49.5404 20.1671C49.5404 15.9277 46.2417 12.4637 42.0784 12.184L42.0722 12.1776Z" fill="url(#paint2_linear_1073_1093)"/>
-<path d="M41.5889 19.773L39.5422 18.5463L34.858 15.7369L33.428 14.8789L29.6588 16.4679L22.4385 19.506L19.197 20.8725L11.9004 23.9424C13.6801 26.4912 16.6356 28.1627 19.9851 28.1627H41.5381C44.5825 28.1627 47.2331 26.4594 48.5868 23.9552L41.5954 19.7666L41.5889 19.773Z" fill="url(#paint3_linear_1073_1093)"/>
+<svg width="54" height="32" viewBox="0 0 54 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_1073_1093)">
+<path d="M20.2792 8.87548L30.8995 15.2131L37.2289 12.5609C38.477 12.024 39.8555 11.723 41.2991 11.723C41.5357 11.723 41.764 11.7311 41.9927 11.7474C40.247 4.93787 34.056 -0.0980225 26.6821 -0.0980225C21.1602 -0.0980225 16.3068 2.72499 13.4846 6.99618C13.5417 6.99618 13.5907 6.99618 13.6477 6.99618C16.0866 6.99618 18.3624 7.68771 20.2873 8.87548H20.2792Z" fill="url(#paint0_linear_1073_1093)"/>
+<path d="M20.2792 8.87555C18.346 7.68775 16.0785 6.99622 13.6396 6.99622C13.5825 6.99622 13.5335 6.99622 13.4764 6.99622C6.56762 7.0857 0.996582 12.6911 0.996582 19.6064C0.996582 22.2911 1.83671 24.7725 3.26416 26.8145L12.6281 22.8851L16.7881 21.1359L26.0543 17.2471L30.8911 15.2132L20.271 8.86743L20.2792 8.87555Z" fill="url(#paint1_linear_1073_1093)"/>
+<path d="M41.9924 11.7474C41.7637 11.7312 41.5354 11.723 41.2988 11.723C39.8552 11.723 38.4767 12.024 37.2287 12.561L30.8992 15.2132L32.7343 16.3115L38.7457 19.9074L41.3722 21.4776L50.3449 26.839C51.128 25.3908 51.5766 23.7393 51.5766 21.9739C51.5766 16.5474 47.3432 12.1135 42.0004 11.7556L41.9924 11.7474Z" fill="url(#paint2_linear_1073_1093)"/>
+<path d="M41.3724 21.4693L38.7459 19.8992L32.7345 16.3032L30.8994 15.205L26.0622 17.2388L16.7962 21.1277L12.6362 22.8768L3.27222 26.8063C5.55612 30.0687 9.34904 32.2082 13.6476 32.2082H41.3073C45.2142 32.2082 48.6158 30.028 50.3531 26.8226L41.3808 21.4612L41.3724 21.4693Z" fill="url(#paint3_linear_1073_1093)"/>
+</g>
 <defs>
-<linearGradient id="paint0_linear_1073_1093" x1="-61.3072" y1="1.13744" x2="-55.5105" y2="11.1861" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint0_linear_1073_1093" x1="-90.6774" y1="-2.38413" x2="-83.2674" y2="10.4949" gradientUnits="userSpaceOnUse">
 <stop stop-color="#0572C0"/>
 <stop offset="0.88" stop-color="#0364B8"/>
 </linearGradient>
-<linearGradient id="paint1_linear_1073_1093" x1="-68.9915" y1="5.61837" x2="-63.9385" y2="14.3578" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint1_linear_1073_1093" x1="-100.539" y1="3.35148" x2="-94.0795" y2="14.5525" gradientUnits="userSpaceOnUse">
 <stop stop-color="#1885D9"/>
 <stop offset="0.89" stop-color="#107AD5"/>
 </linearGradient>
-<linearGradient id="paint2_linear_1073_1093" x1="-52.5041" y1="7.75391" x2="-46.7775" y2="17.6692" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint2_linear_1073_1093" x1="-79.3805" y1="6.08505" x2="-72.0599" y2="18.7931" gradientUnits="userSpaceOnUse">
 <stop stop-color="#138EDE"/>
 <stop offset="0.94" stop-color="#0D7AD5"/>
 </linearGradient>
-<linearGradient id="paint3_linear_1073_1093" x1="-62.2544" y1="10.881" x2="-55.0021" y2="23.4403" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint3_linear_1073_1093" x1="-91.8931" y1="10.0877" x2="-82.6222" y2="26.1845" gradientUnits="userSpaceOnUse">
 <stop offset="0.1" stop-color="#29A9EA"/>
 <stop offset="0.79" stop-color="#1C94E3"/>
 </linearGradient>
+<clipPath id="clip0_1073_1093">
+<rect width="54" height="32" fill="white"/>
+</clipPath>
 </defs>
 </svg>
diff --git a/windows/security/book/images/universal-print.svg b/windows/security/book/images/universal-print.svg
index d91cd2a276..3c5d0761a2 100644
--- a/windows/security/book/images/universal-print.svg
+++ b/windows/security/book/images/universal-print.svg
@@ -1,22 +1,22 @@
-<svg width="40" height="32" viewBox="0 0 40 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M32.8622 17.5932C32.8622 16.3814 31.0947 15.9828 30.4147 15.0495C29.4785 13.7651 29.3777 12.1206 27.6666 11.8406C27.5815 9.85776 26.718 7.98839 25.2638 6.63782C23.8095 5.28726 21.8815 4.56434 19.8977 4.62582C18.2951 4.59613 16.7225 5.06477 15.3975 5.96704C14.0725 6.8693 13.0603 8.16068 12.5007 9.66285C10.8045 9.86903 9.23838 10.6764 8.08645 11.9383C6.93454 13.2004 6.27312 14.8334 6.22217 16.5414C6.29662 18.4583 7.12789 20.2675 8.53385 21.5726C9.93979 22.8778 11.8058 23.5724 13.7229 23.5043C13.9466 23.5043 14.1674 23.494 14.3836 23.4762H26.5319C26.6401 23.4748 26.7477 23.459 26.8519 23.4288C28.4124 23.4176 29.9086 22.8046 31.0282 21.7173C32.148 20.6302 32.8049 19.1529 32.8622 17.5932Z" fill="url(#paint0_linear_1073_1040)"/>
-<path d="M30.729 12.3118H18.0209C17.7754 12.3118 17.5764 12.5108 17.5764 12.7562V17.3177C17.5764 17.5631 17.7754 17.7621 18.0209 17.7621H30.729C30.9745 17.7621 31.1734 17.5631 31.1734 17.3177V12.7562C31.1734 12.5108 30.9745 12.3118 30.729 12.3118Z" fill="#005BA1"/>
-<path d="M29.388 8.89404H19.3629C19.1174 8.89404 18.9185 9.09303 18.9185 9.33849V16.6718C18.9185 16.9173 19.1174 17.1163 19.3629 17.1163H29.388C29.6335 17.1163 29.8324 16.9173 29.8324 16.6718V9.33849C29.8324 9.09303 29.6335 8.89404 29.388 8.89404Z" fill="url(#paint1_linear_1073_1040)"/>
-<path d="M16.7497 14.7222H32.0001C32.2358 14.7222 32.4619 14.8158 32.6287 14.9825C32.7953 15.1492 32.889 15.3753 32.889 15.6111V24.648H15.8623V15.6111C15.8623 15.3756 15.9557 15.1497 16.1221 14.983C16.2885 14.8164 16.5142 14.7226 16.7497 14.7222Z" fill="#5EA0EF"/>
-<path d="M32.889 23.4822H15.8623V24.9933H32.889V23.4822Z" fill="#0078D4"/>
-<path d="M30.231 20.8333H18.514C18.2685 20.8333 18.0696 21.0322 18.0696 21.2777V22.1547C18.0696 22.4002 18.2685 22.5991 18.514 22.5991H30.231C30.4765 22.5991 30.6754 22.4002 30.6754 22.1547V21.2777C30.6754 21.0322 30.4765 20.8333 30.231 20.8333Z" fill="#83B9F9"/>
-<path d="M29.9925 17.9621C30.2258 17.9621 30.4148 17.7731 30.4148 17.5399C30.4148 17.3067 30.2258 17.1177 29.9925 17.1177C29.7595 17.1177 29.5703 17.3067 29.5703 17.5399C29.5703 17.7731 29.7595 17.9621 29.9925 17.9621Z" fill="#C3F1FF"/>
-<path d="M18.9186 21.1399H29.8325V26.8035C29.8325 26.9214 29.7858 27.0345 29.7024 27.1178C29.619 27.2012 29.506 27.248 29.3881 27.248H19.3614C19.2436 27.248 19.1307 27.2012 19.0473 27.1178C18.9639 27.0345 18.917 26.9214 18.917 26.8035V21.1399H18.9186Z" fill="url(#paint2_linear_1073_1040)"/>
+<svg width="54" height="34" viewBox="0 0 54 34" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M45.0294 19.3174C45.0294 17.5547 42.4462 16.975 41.4523 15.6175C40.0841 13.7492 39.9367 11.3573 37.4359 10.95C37.3114 8.06581 36.0494 5.34673 33.924 3.38225C31.7986 1.4178 28.9808 0.36629 26.0813 0.455709C23.739 0.412525 21.4407 1.09418 19.5041 2.40658C17.5676 3.71896 16.0882 5.59733 15.2703 7.7823C12.7912 8.08221 10.5023 9.2565 8.81872 11.0921C7.13516 12.9278 6.16846 15.3032 6.09399 17.7874C6.20281 20.5757 7.41775 23.2073 9.4726 25.1056C11.5274 27.0041 14.2546 28.0144 17.0566 27.9154C17.3836 27.9154 17.7062 27.9004 18.0223 27.8745H35.7774C35.9356 27.8724 36.0928 27.8494 36.2451 27.8055C38.5259 27.7892 40.7126 26.8976 42.349 25.3161C43.9856 23.7348 44.9457 21.5859 45.0294 19.3174Z" fill="url(#paint0_linear_1073_1040)"/>
+<path d="M41.9117 11.6353H23.3384C22.9795 11.6353 22.6887 11.9247 22.6887 12.2817V18.9166C22.6887 19.2736 22.9795 19.5631 23.3384 19.5631H41.9117C42.2706 19.5631 42.5613 19.2736 42.5613 18.9166V12.2817C42.5613 11.9247 42.2706 11.6353 41.9117 11.6353Z" fill="#005BA1"/>
+<path d="M39.9517 6.66406H25.2997C24.9409 6.66406 24.6501 6.9535 24.6501 7.31053V17.9772C24.6501 18.3342 24.9409 18.6237 25.2997 18.6237H39.9517C40.3106 18.6237 40.6013 18.3342 40.6013 17.9772V7.31053C40.6013 6.9535 40.3106 6.66406 39.9517 6.66406Z" fill="url(#paint1_linear_1073_1040)"/>
+<path d="M21.4803 15.1414H43.7693C44.1138 15.1414 44.4443 15.2776 44.6881 15.5201C44.9315 15.7625 45.0685 16.0914 45.0685 16.4343V29.579H20.1833V16.4343C20.1833 16.0918 20.3199 15.7632 20.5631 15.5208C20.8063 15.2784 21.1361 15.1419 21.4803 15.1414Z" fill="#5EA0EF"/>
+<path d="M45.0685 27.8832H20.1833V30.0812H45.0685V27.8832Z" fill="#0078D4"/>
+<path d="M41.1838 24.0302H24.059C23.7002 24.0302 23.4094 24.3195 23.4094 24.6766V25.9522C23.4094 26.3093 23.7002 26.5987 24.059 26.5987H41.1838C41.5426 26.5987 41.8334 26.3093 41.8334 25.9522V24.6766C41.8334 24.3195 41.5426 24.0302 41.1838 24.0302Z" fill="#83B9F9"/>
+<path d="M40.8354 19.854C41.1763 19.854 41.4524 19.579 41.4524 19.2399C41.4524 18.9007 41.1763 18.6257 40.8354 18.6257C40.4947 18.6257 40.2183 18.9007 40.2183 19.2399C40.2183 19.579 40.4947 19.854 40.8354 19.854Z" fill="#C3F1FF"/>
+<path d="M24.6503 24.4762H40.6015V32.7142C40.6015 32.8857 40.5331 33.0501 40.4113 33.1714C40.2894 33.2927 40.1241 33.3607 39.9519 33.3607H25.2975C25.1253 33.3607 24.9603 33.2927 24.8384 33.1714C24.7165 33.0501 24.6479 32.8857 24.6479 32.7142V24.4762H24.6503Z" fill="url(#paint2_linear_1073_1040)"/>
 <defs>
-<linearGradient id="paint0_linear_1073_1040" x1="19.5422" y1="23.5073" x2="19.5422" y2="4.62582" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint0_linear_1073_1040" x1="25.5617" y1="27.9198" x2="25.5617" y2="0.455711" gradientUnits="userSpaceOnUse">
 <stop stop-color="#773ADC"/>
 <stop offset="0.817" stop-color="#A67AF4"/>
 </linearGradient>
-<linearGradient id="paint1_linear_1073_1040" x1="24.3746" y1="8.89404" x2="24.3746" y2="17.1177" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint1_linear_1073_1040" x1="32.6246" y1="6.66406" x2="32.6246" y2="18.6258" gradientUnits="userSpaceOnUse">
 <stop stop-color="#C3F1FF"/>
 <stop offset="0.999" stop-color="#9CEBFF"/>
 </linearGradient>
-<linearGradient id="paint2_linear_1073_1040" x1="24.3748" y1="27.248" x2="24.3748" y2="21.1399" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint2_linear_1073_1040" x1="32.6247" y1="33.3607" x2="32.6247" y2="24.4762" gradientUnits="userSpaceOnUse">
 <stop stop-color="#C3F1FF"/>
 <stop offset="0.999" stop-color="#9CEBFF"/>
 </linearGradient>
diff --git a/windows/security/book/images/windows-security.svg b/windows/security/book/images/windows-security.svg
index f8574a500f..7882c89525 100644
--- a/windows/security/book/images/windows-security.svg
+++ b/windows/security/book/images/windows-security.svg
@@ -1,22 +1,22 @@
-<svg width="49" height="32" viewBox="0 0 49 32" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M24.2765 31.8354L21.9288 22.8553L24.2765 15.5891L31.1894 12.573L38.2976 15.5891C37.1237 22.2385 32.1675 27.2426 24.7331 31.7667C24.6027 31.7667 24.4722 31.8354 24.2765 31.8354Z" fill="url(#paint0_linear_1073_1125)"/>
-<path d="M24.2765 15.5232V31.838C24.081 31.838 23.9506 31.7693 23.7548 31.7007C16.3205 27.1765 11.4294 22.1724 10.1903 15.5232L16.9726 13.1925L24.2765 15.5232Z" fill="url(#paint1_linear_1073_1125)"/>
-<path d="M24.2765 0.441528C26.2982 0.441528 28.0589 1.05849 29.4285 2.08673C31.6458 3.66336 33.2109 4.48593 37.7107 4.55448C38.2325 4.55448 38.6888 5.03432 38.6888 5.58272V12.3691C38.6888 13.4659 38.5584 14.4941 38.428 15.5224H24.2765L21.9288 7.84483L24.2765 0.441528Z" fill="url(#paint2_linear_1073_1125)"/>
-<path d="M10.1919 15.5222C9.99624 14.494 9.93103 13.3972 9.93103 12.369V5.58259C9.93103 5.0342 10.3223 4.55436 10.9092 4.55436C15.409 4.48581 16.9742 3.66323 19.1915 2.0866C20.4958 1.05837 22.3219 0.441406 24.3434 0.441406V15.5222H10.1919Z" fill="url(#paint3_linear_1073_1125)"/>
+<svg width="54" height="32" viewBox="0 0 54 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M27.2766 31.8354L24.929 22.8553L27.2766 15.5891L34.1895 12.573L41.2977 15.5891C40.1238 22.2385 35.1676 27.2426 27.7332 31.7667C27.6028 31.7667 27.4724 31.8354 27.2766 31.8354Z" fill="url(#paint0_linear_1073_1125)"/>
+<path d="M27.2764 15.5232V31.838C27.0809 31.838 26.9505 31.7693 26.7547 31.7007C19.3203 27.1765 14.4293 22.1724 13.1902 15.5232L19.9725 13.1925L27.2764 15.5232Z" fill="url(#paint1_linear_1073_1125)"/>
+<path d="M27.2766 0.441528C29.2983 0.441528 31.059 1.05849 32.4286 2.08673C34.6459 3.66336 36.211 4.48593 40.7109 4.55448C41.2326 4.55448 41.689 5.03432 41.689 5.58272V12.3691C41.689 13.4659 41.5585 14.4941 41.4281 15.5224H27.2766L24.929 7.84483L27.2766 0.441528Z" fill="url(#paint2_linear_1073_1125)"/>
+<path d="M13.192 15.5222C12.9964 14.494 12.9312 13.3972 12.9312 12.369V5.58259C12.9312 5.0342 13.3224 4.55436 13.9094 4.55436C18.4092 4.48581 19.9743 3.66323 22.1916 2.0866C23.4959 1.05837 25.322 0.441406 27.3435 0.441406V15.5222H13.192Z" fill="url(#paint3_linear_1073_1125)"/>
 <defs>
-<linearGradient id="paint0_linear_1073_1125" x1="32.9701" y1="26.7136" x2="25.6719" y2="14.6876" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint0_linear_1073_1125" x1="35.9702" y1="26.7136" x2="28.672" y2="14.6876" gradientUnits="userSpaceOnUse">
 <stop stop-color="#114A8B"/>
 <stop offset="1" stop-color="#0C59A4"/>
 </linearGradient>
-<linearGradient id="paint1_linear_1073_1125" x1="25.3418" y1="31.1801" x2="14.3342" y2="13.0417" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint1_linear_1073_1125" x1="28.3417" y1="31.1801" x2="17.3341" y2="13.0417" gradientUnits="userSpaceOnUse">
 <stop stop-color="#0669BC"/>
 <stop offset="1" stop-color="#0078D4"/>
 </linearGradient>
-<linearGradient id="paint2_linear_1073_1125" x1="35.2768" y1="17.3893" x2="24.8053" y2="0.134459" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint2_linear_1073_1125" x1="38.2769" y1="17.3893" x2="27.8054" y2="0.134459" gradientUnits="userSpaceOnUse">
 <stop stop-color="#0078D4"/>
 <stop offset="1" stop-color="#1493DF"/>
 </linearGradient>
-<linearGradient id="paint3_linear_1073_1125" x1="22.1142" y1="16.8492" x2="13.5749" y2="2.77815" gradientUnits="userSpaceOnUse">
+<linearGradient id="paint3_linear_1073_1125" x1="25.1143" y1="16.8492" x2="16.575" y2="2.77815" gradientUnits="userSpaceOnUse">
 <stop stop-color="#28AFEA"/>
 <stop offset="1" stop-color="#3CCBF4"/>
 </linearGradient>
diff --git a/windows/security/book/index.md b/windows/security/book/index.md
index 350e25f172..3ee48c98ad 100644
--- a/windows/security/book/index.md
+++ b/windows/security/book/index.md
@@ -1,6 +1,6 @@
 ---
-title: Windows security book introduction
-description: Windows security book introduction
+title: Windows 11 security book - Windows security book introduction
+description: Windows 11 security book introduction.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/operating-system-security-encryption-and-data-protection.md b/windows/security/book/operating-system-security-encryption-and-data-protection.md
index 238afa439c..d9ab85a02b 100644
--- a/windows/security/book/operating-system-security-encryption-and-data-protection.md
+++ b/windows/security/book/operating-system-security-encryption-and-data-protection.md
@@ -1,6 +1,6 @@
 ---
-title: Operating System security
-description: Windows 11 security book - Operating System security chapter.
+title: Windows 11 security book - Encryption and data protection
+description: Operating System security chapter - Encryption and data protection.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/operating-system-security-network-security.md b/windows/security/book/operating-system-security-network-security.md
index 5be1a004aa..fff427b5b2 100644
--- a/windows/security/book/operating-system-security-network-security.md
+++ b/windows/security/book/operating-system-security-network-security.md
@@ -1,6 +1,6 @@
 ---
-title: Operating System security
-description: Windows 11 security book - Operating System security chapter.
+title: Windows 11 security book - Network security
+description: Operating System security chapter - Network security.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/operating-system-security-system-security.md b/windows/security/book/operating-system-security-system-security.md
index 649ebdbe4b..dd056f219e 100644
--- a/windows/security/book/operating-system-security-system-security.md
+++ b/windows/security/book/operating-system-security-system-security.md
@@ -1,6 +1,6 @@
 ---
-title: Operating System security
-description: Windows 11 security book - Operating System security chapter.
+title: Windows 11 security book - System security
+description: Operating System security chapter - System security.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
@@ -139,7 +139,7 @@ Config Refresh can also be paused for a configurable period of time, after which
         Windows allows you to restrict functionality to specific applications using built-in features, making it ideal for public-facing or shared devices like kiosks. You can set up Windows as a kiosk either locally on the device, or through a cloud-based device management solution like Microsoft Intune<sup>[\[7\]](conclusion.md#footnote7)</sup>. Kiosk mode can be configured to run a single app, multiple apps, or a full-screen web browser. You can also configure the device to automatically sign in and launch the designated kiosk app at startup.
     :::column-end:::
     :::column span="2":::
-:::image type="content" source="images/kiosk.png" alt-text="Screenshot of the Windows Security app." border="false" lightbox="images/kiosk.png" :::
+:::image type="content" source="images/kiosk.png" alt-text="Screenshot of a Windows kiosk." border="false" lightbox="images/kiosk.png" :::
     :::column-end:::
 :::row-end:::
 
diff --git a/windows/security/book/operating-system-security-virus-and-threat-protection.md b/windows/security/book/operating-system-security-virus-and-threat-protection.md
index 44eb24d2c9..cb69b30617 100644
--- a/windows/security/book/operating-system-security-virus-and-threat-protection.md
+++ b/windows/security/book/operating-system-security-virus-and-threat-protection.md
@@ -1,11 +1,11 @@
 ---
-title: Operating System security
-description: Windows 11 security book - Operating System security chapter.
+title: Windows 11 security book - Virus and threat protection
+description: Operating System security chapter - Virus and threat protection.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
 
-# Virus and threat protection
+# Virus and threat protection in Windows 11
 
 :::image type="content" source="images/operating-system.png" alt-text="Diagram containing a list of security features." lightbox="images/operating-system.png" border="false":::
 
diff --git a/windows/security/book/operating-system-security.md b/windows/security/book/operating-system-security.md
index cd1f79d3e9..17141c211b 100644
--- a/windows/security/book/operating-system-security.md
+++ b/windows/security/book/operating-system-security.md
@@ -1,6 +1,6 @@
 ---
-title: Operating System security
-description: Windows 11 security book - Operating System security chapter.
+title: Windows 11 security book - Operating System security
+description: Operating System security chapter.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/privacy-controls.md b/windows/security/book/privacy-controls.md
index 21377d5d8a..9aa5d2bd86 100644
--- a/windows/security/book/privacy-controls.md
+++ b/windows/security/book/privacy-controls.md
@@ -1,6 +1,6 @@
 ---
-title: Privacy
-description: Windows 11 security book - Privacy chapter.
+title: Windows 11 security book - Privacy controls
+description: Privacy chapter - Privacy controls.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/privacy.md b/windows/security/book/privacy.md
index ef5c623ebb..d4acb2ffed 100644
--- a/windows/security/book/privacy.md
+++ b/windows/security/book/privacy.md
@@ -1,6 +1,6 @@
 ---
-title: Privacy
-description: Windows 11 security book - Privacy chapter.
+title: Windows 11 security book - Privacy
+description: Privacy chapter.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/security-foundation-certification.md b/windows/security/book/security-foundation-certification.md
index d83dfb1231..1f8c8c878d 100644
--- a/windows/security/book/security-foundation-certification.md
+++ b/windows/security/book/security-foundation-certification.md
@@ -1,6 +1,6 @@
 ---
-title: Security foundation
-description: Windows 11 security book - Security foundation chapter.
+title: Windows 11 security book - Certification
+description: Security foundation chapter - Certification.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/security-foundation-offensive-research.md b/windows/security/book/security-foundation-offensive-research.md
index 4a1fdf3bbf..f40f549653 100644
--- a/windows/security/book/security-foundation-offensive-research.md
+++ b/windows/security/book/security-foundation-offensive-research.md
@@ -1,6 +1,6 @@
 ---
-title: Security foundation
-description: Windows 11 security book - Security foundation chapter.
+title: Windows 11 security book - Secure Future Initiative and offensive research
+description: Security foundation chapter - Secure Future Initiative and offensive research.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/security-foundation-secure-supply-chain.md b/windows/security/book/security-foundation-secure-supply-chain.md
index 9cfdaec1f9..9e638bfbc5 100644
--- a/windows/security/book/security-foundation-secure-supply-chain.md
+++ b/windows/security/book/security-foundation-secure-supply-chain.md
@@ -1,6 +1,6 @@
 ---
-title: Secure supply chain
-description: Windows 11 security book - Security foundation chapter - Secure supply chain.
+title: Windows 11 security book - Secure supply chain
+description: Security foundation chapter - Secure supply chain.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
diff --git a/windows/security/book/security-foundation.md b/windows/security/book/security-foundation.md
index 2a370ff6d5..2748af0a55 100644
--- a/windows/security/book/security-foundation.md
+++ b/windows/security/book/security-foundation.md
@@ -1,14 +1,14 @@
 ---
-title: Security foundation
-description: Windows 11 security book - Security foundation chapter.
+title: Windows 11 security book - Security foundation
+description: Security foundation chapter.
 ms.topic: overview
 ms.date: 11/18/2024
 ---
 
-# Security foundation
+# Security foundation in Windows 11
 
 :::image type="content" source="images/security-foundation-cover.png" alt-text="Cover of the security foundation chapter." border="false":::
 
-Microsoft is committed to continuously investing in improving the development process, building highly secure-by-design software, and addressing security compliance requirements. Security and privacy considerations informed by offensive research are built into each phase of our product design and software development process. Microsoft’s security foundation includes not only our development and certification processes, but also our end-to-end supply chain. The comprehensive Windows 11 security foundation also reflects our deep commitment to principles of security by design and security by default.
+Microsoft is committed to continuously investing in improving the development process, building highly secure-by-design software, and addressing security compliance requirements. Security and privacy considerations informed by offensive research are built into each phase of our product design and software development process. Microsoft's security foundation includes not only our development and certification processes, but also our end-to-end supply chain. The comprehensive Windows 11 security foundation also reflects our deep commitment to principles of security by design and security by default.
 
 :::image type="content" source="images/security-foundation-on.png" alt-text="Diagram containing a list of security features." lightbox="images/security-foundation.png" border="false":::
diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index b7d4db82be..e0cd0064c8 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -150,7 +150,7 @@
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
         ],
         "book/**/*.md": [
-          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>"
+          "<a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>"
         ],
         "hardware-security/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
@@ -251,7 +251,7 @@
         "security-foundations/certification/**/*.md": "paoloma"
       },
       "ms.collection": {
-        "book/*.md": "tier3",
+        "book/*.md": "tier1",
         "identity-protection/hello-for-business/*.md": "tier1",
         "information-protection/pluton/*.md": "tier1",
         "information-protection/tpm/*.md": "tier1",
@@ -259,9 +259,6 @@
         "operating-system-security/data-protection/personal-data-encryption/*.md": "tier1",
         "security-foundations/certification/**/*.md": "tier3",
         "threat-protection/auditing/*.md": "tier3"
-      },
-      "ROBOTS": {
-        "book/*.md": "NOINDEX"
       }
     },
     "template": [],
diff --git a/windows/security/identity-protection/hello-for-business/deploy/cloud-only.md b/windows/security/identity-protection/hello-for-business/deploy/cloud-only.md
index 553251974a..f2c4e29919 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/cloud-only.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/cloud-only.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Hello for Business cloud-only deployment guide
 description: Learn how to deploy Windows Hello for Business in a cloud-only deployment scenario.
-ms.date: 03/12/2024
+ms.date: 11/22/2024
 ms.topic: tutorial
 ---
 
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
index 9b2e6325b4..e4312d8684 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Hello for Business cloud Kerberos trust deployment guide
 description: Learn how to deploy Windows Hello for Business in a cloud Kerberos trust scenario.
-ms.date: 03/12/2024
+ms.date: 11/22/2024
 ms.topic: tutorial
 ---
 
@@ -169,8 +169,8 @@ If you deployed Windows Hello for Business using the key trust model, and want t
 1. [Enable cloud Kerberos trust via Group Policy or Intune](#configure-windows-hello-for-business-policy-settings)
 1. For Microsoft Entra joined devices, sign out and sign in to the device using Windows Hello for Business
 
-> [!NOTE]
-> For Microsoft Entra hybrid joined devices, users must perform the first sign in with new credentials while having line of sight to a DC.
+  > [!NOTE]
+  > For Microsoft Entra hybrid joined devices, users must perform the first sign in with new credentials while having line of sight to a DC.
 
 ## Migrate from certificate trust deployment model to cloud Kerberos trust
 
@@ -179,11 +179,11 @@ If you deployed Windows Hello for Business using the key trust model, and want t
 
 If you deployed Windows Hello for Business using the certificate trust model, and want to use the cloud Kerberos trust model, you must redeploy Windows Hello for Business by following these steps:
 
-1. Disable the certificate trust policy
-1. [Enable cloud Kerberos trust via Group Policy or Intune](#configure-windows-hello-for-business-policy-settings)
-1. Remove the certificate trust credential using the command `certutil.exe -deletehellocontainer` from the user context
-1. Sign out and sign back in
-1. Provision Windows Hello for Business using a method of your choice
+1. Disable the certificate trust policy.
+1. [Enable cloud Kerberos trust via Group Policy or Intune](#configure-windows-hello-for-business-policy-settings).
+1. Remove the certificate trust credential using the command `certutil.exe -deletehellocontainer` from the user context.
+1. Sign out and sign back in.
+1. Provision Windows Hello for Business using a method of your choice.
 
 > [!NOTE]
 > For Microsoft Entra hybrid joined devices, users must perform the first sign-in with new credentials while having line of sight to a DC.
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md
index c97ec8cde9..742939bf9d 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md
@@ -1,7 +1,7 @@
 ---
 title: Configure and enroll in Windows Hello for Business in a hybrid key trust model
 description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid key trust scenario.
-ms.date: 03/12/2024
+ms.date: 11/22/2024
 ms.topic: tutorial
 ---
 
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust.md
index 2b775003f0..ce6526f4a7 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Hello for Business hybrid key trust deployment guide
 description: Learn how to deploy Windows Hello for Business in a hybrid key trust scenario.
-ms.date: 03/12/2024
+ms.date: 11/22/2024
 ms.topic: tutorial
 ---
 
diff --git a/windows/security/identity-protection/hello-for-business/deploy/includes/adfs-mfa.md b/windows/security/identity-protection/hello-for-business/deploy/includes/adfs-mfa.md
index 6adbe43c94..11af1ac31c 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/adfs-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/adfs-mfa.md
@@ -1,5 +1,5 @@
 ---
-ms.date: 06/23/2024
+ms.date: 11/22/2024
 ms.topic: include
 ---
 
@@ -19,3 +19,6 @@ Windows Hello for Business requires users perform multifactor authentication (MF
 For information on available non-Microsoft authentication methods see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method)
 
 Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multifactor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies).
+
+> [!TIP]
+> When you validate the AD FS configuration, verify if you need to update the configuration of user agent strings to support Windows Integrated Authentication (WIA). For more information, see [Change WIASupportedUserAgent settings](/windows-server/identity/ad-fs/operations/configure-ad-fs-browser-wia#change-wiasupporteduseragent-settings).
diff --git a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md
index 7446d01e92..73dd0d6cbf 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md
@@ -33,14 +33,14 @@ Windows Hello for Business works exclusively with the Active Directory Federatio
 
 Sign in to the CA or management workstations with **Enterprise Admin** equivalent credentials.
 
-1. Open the **Certification Authority** management console
-1. Expand the parent node from the navigation pane
-1. Select **Certificate Templates** in the navigation pane
-1. Right-click the **Certificate Templates** node. Select **New > Certificate Template** to issue
-1. In the **Enable Certificates Templates** window, select the *WHFB Enrollment Agent* template you created in the previous step. Select **OK** to publish the selected certificate templates to the certification authority
-1. If you published the *Domain Controller Authentication (Kerberos)* certificate template, then unpublish the certificate templates you included in the superseded templates list
-   - To unpublish a certificate template, right-click the certificate template you want to unpublish and select **Delete**. Select **Yes** to confirm the operation
-1. Close the console
+1. Open the **Certification Authority** management console.
+1. Expand the parent node from the navigation pane.
+1. Select **Certificate Templates** in the navigation pane.
+1. Right-click the **Certificate Templates** node. Select **New > Certificate Template** to issue.
+1. In the **Enable Certificates Templates** window, select the *WHFB Enrollment Agent* template you created in the previous step. Select **OK** to publish the selected certificate templates to the certification authority.
+1. If you published the *Domain Controller Authentication (Kerberos)* certificate template, then unpublish the certificate templates you included in the superseded templates list.
+   - To unpublish a certificate template, right-click the certificate template you want to unpublish and select **Delete**. Select **Yes** to confirm the operation.
+1. Close the console.
 
 ## Configure the certificate registration authority
 
@@ -55,7 +55,7 @@ Set-AdfsCertificateAuthority -EnrollmentAgent -EnrollmentAgentCertificateTemplat
    ```
 
 >[!NOTE]
-> If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace *WHFBEnrollmentAgent* and *WHFBAuthentication* in the above command with the name of your certificate templates. It's important that you use the template name rather than the template display name.  You can view the template name on the **General** tab of the certificate template by using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name by using the `Get-CATemplate` PowerShell cmdlet on a CA.
+> If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace *WHFBEnrollmentAgent* and *WHFBAuthentication* in the above command with the name of your certificate templates. It's important that you use the template name rather than the template display name.  You can view the template name on the **General** tab of the certificate template by using the **Certificate Template** management console (_certtmpl.msc_). Or, you can view the template name by using the `Get-CATemplate` PowerShell cmdlet on a CA.
 
 ### Enrollment agent certificate lifecycle management
 
@@ -89,18 +89,18 @@ For detailed information about the certificate, use `Certutil -q -v <certificate
 > [!div class="checklist"]
 > Before you continue with the deployment, validate your deployment progress by reviewing the following items:
 >
-> - Configure an enrollment agent certificate template
-> - Confirm only the AD FS service account has the allow enroll permission for the enrollment agent certificate template
-> - Consider using an HSM to protect the enrollment agent certificate; however, understand the frequency and quantity of signature operations the enrollment agent server makes and understand the impact it has on overall performance
-> - Confirm you properly configured the Windows Hello for Business authentication certificate template
-> - Confirm all certificate templates were properly published to the appropriate issuing certificate authorities
-> - Confirm the AD FS service account has the allow enroll permission for the Windows Hello Business authentication certificate template
-> - Confirm the AD FS certificate registration authority is properly configured using the `Get-AdfsCertificateAuthority` Windows PowerShell cmdlet
-> Confirm you restarted the AD FS service
-> - Confirm you properly configured load-balancing (hardware or software)
-> - Confirm you created a DNS A Record for the federation service and the IP address used is the load-balanced IP address
-> - Confirm you created and deployed the Intranet Zone settings to prevent double authentication to the federation server
-> - Confirm you have deployed a MFA solution for AD FS
+> - Configure an enrollment agent certificate template.
+> - Confirm only the AD FS service account has the allow enroll permission for the enrollment agent certificate template.
+> - Consider using an HSM to protect the enrollment agent certificate; however, understand the frequency and quantity of signature operations the enrollment agent server makes and understand the impact it has on overall performance.
+> - Confirm you properly configured the Windows Hello for Business authentication certificate template.
+> - Confirm all certificate templates were properly published to the appropriate issuing certificate authorities.
+> - Confirm the AD FS service account has the allow enroll permission for the Windows Hello Business authentication certificate template.
+> - Confirm the AD FS certificate registration authority is properly configured using the `Get-AdfsCertificateAuthority` Windows PowerShell cmdlet.
+> - Confirm you restarted the AD FS service.
+> - Confirm you properly configured load-balancing (hardware or software).
+> - Confirm you created a DNS A Record for the federation service and the IP address used is the load-balanced IP address.
+> - Confirm you created and deployed the Intranet Zone settings to prevent double authentication to the federation server.
+> - Confirm you have deployed a MFA solution for AD FS.
 
 > [!div class="nextstepaction"]
 > [Next: configure and enroll in Windows Hello for Business >](on-premises-cert-trust-enroll.md)
diff --git a/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs.md
index d9e217575b..123d35b434 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs.md
@@ -1,7 +1,7 @@
 ---
 title: Configure Active Directory Federation Services in an on-premises key trust model
 description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business key trust model.
-ms.date: 03/12/2024
+ms.date: 11/22/2024
 ms.topic: tutorial
 ---
 
diff --git a/windows/security/identity-protection/hello-for-business/deploy/prepare-users.md b/windows/security/identity-protection/hello-for-business/deploy/prepare-users.md
index 0aeded8941..efbea47423 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/prepare-users.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/prepare-users.md
@@ -1,7 +1,7 @@
 ---
 title: Prepare users to provision and use Windows Hello for Business
 description: Learn how to prepare users to enroll and to use Windows Hello for Business.
-ms.date: 03/12/2024
+ms.date: 11/22/2024
 ms.topic: end-user-help
 ---
 
diff --git a/windows/security/identity-protection/hello-for-business/dual-enrollment.md b/windows/security/identity-protection/hello-for-business/dual-enrollment.md
index 7dd1507298..0d5f859326 100644
--- a/windows/security/identity-protection/hello-for-business/dual-enrollment.md
+++ b/windows/security/identity-protection/hello-for-business/dual-enrollment.md
@@ -1,7 +1,7 @@
 ---
 title: Dual enrollment
 description: Learn how to configure Windows Hello for Business dual enrollment and how to configure Active Directory to support Domain Administrator enrollment.
-ms.date: 05/06/2024
+ms.date: 11/22/2024
 ms.topic: how-to
 ---
 
@@ -40,7 +40,7 @@ Active Directory Domain Services uses `AdminSDHolder` to secure privileged users
 
 Sign in to a domain controller or management workstation with access equivalent to *domain administrator*.
 
-1. Type the following command to add the **allow** read and write property permissions for msDS-KeyCredentialLink attribute for the `Key Admins` group on the `AdminSDHolder` object
+1. Type the following command to add the **allow** read and write property permissions for msDS-KeyCredentialLink attribute for the `Key Admins` group on the `AdminSDHolder` object.
 
     ```cmd
     dsacls "CN=AdminSDHolder,CN=System,DC=domain,DC=com" /g "[domainName\keyAdminGroup]":RPWP;msDS-KeyCredentialLink
@@ -52,21 +52,21 @@ Sign in to a domain controller or management workstation with access equivalent
     dsacls "CN=AdminSDHolder,CN=System,DC=corp,DC=mstepdemo,DC=net" /g "mstepdemo\Key Admins":RPWP;msDS-KeyCredentialLink
     ```
 
-1. To trigger security descriptor propagation, open `ldp.exe`
-1. Select **Connection** and select **Connect...**  Next to **Server**, type the name of the domain controller that holds the PDC role for the domain. Next to **Port**, type **389** and select **OK**
-1. Select **Connection** and select **Bind...**  Select **OK** to bind as the currently signed-in user
-1. Select **Browser** and select **Modify**. Leave the **DN** text box blank. Next to **Attribute**, type **RunProtectAdminGroupsTask**. Next to **Values**, type `1`. Select **Enter** to add this to the **Entry List**
-1. Select **Run** to start the task
-1. Close LDP
+1. To trigger security descriptor propagation, open `ldp.exe`.
+1. Select **Connection** and select **Connect...**  Next to **Server**, type the name of the domain controller that holds the PDC role for the domain. Next to **Port**, type **389** and select **OK**.
+1. Select **Connection** and select **Bind...**  Select **OK** to bind as the currently signed-in user.
+1. Select **Browser** and select **Modify**. Leave the **DN** text box blank. Next to **Attribute**, type **RunProtectAdminGroupsTask**. Next to **Values**, type `1`. Select **Enter** to add this to the **Entry List**.
+1. Select **Run** to start the task.
+1. Close LDP.
 
 ### Configure dual enrollment with group policy
 
 You configure Windows to support dual enrollment using the computer configuration portion of a Group Policy object:
 
-1. Using the Group Policy Management Console (GPMC), create a new domain-based Group Policy object and link it to an organizational Unit that contains Active Directory computer objects used by privileged users
-1. Edit the Group Policy object from step 1
+1. Using the Group Policy Management Console (GPMC), create a new domain-based Group Policy object and link it to an organizational Unit that contains Active Directory computer objects used by privileged users.
+1. Edit the Group Policy object from step 1.
 1. Enable the **Allow enumeration of emulated smart cards for all users** policy setting located under **Computer Configuration->Administrative Templates->Windows Components->Windows Hello for Business**
-1. Close the Group Policy Management Editor to save the Group Policy object. Close the GPMC
-1. Restart computers targeted by this Group Policy object
+1. Close the Group Policy Management Editor to save the Group Policy object. Close the GPMC.
+1. Restart computers targeted by this Group Policy object.
 
-The computer is ready for dual enrollment. Sign in as the privileged user first and enroll for Windows Hello for Business. Once completed, sign out and sign in as the nonprivileged user and enroll for Windows Hello for Business. You can now use your privileged credential to perform privileged tasks without using your password and without needing to switch users.
+   The computer is ready for dual enrollment. Sign in as the privileged user first and enroll for Windows Hello for Business. Once completed, sign out and sign in as the nonprivileged user and enroll for Windows Hello for Business. You can now use your privileged credential to perform privileged tasks without using your password and without needing to switch users.
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
index e6b79420ad..aaed7b870d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Hello for Business known deployment issues
 description: This article is a troubleshooting guide for known Windows Hello for Business deployment issues.
-ms.date: 03/12/2024
+ms.date: 11/22/2024
 ms.topic: troubleshooting
 ---
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
index ef8e864841..8524027332 100644
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@@ -2,7 +2,7 @@
 title: Windows Hello errors during PIN creation
 description: Learn about the Windows Hello error codes that might happen during PIN creation.
 ms.topic: troubleshooting
-ms.date: 03/12/2024
+ms.date: 11/22/2024
 ---
 
 # Windows Hello errors during PIN creation
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
index e1845d9363..8c46258086 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
@@ -1,7 +1,7 @@
 ---
 title: Dynamic lock
 description: Learn how to configure dynamic lock on Windows devices via group policies. This feature locks a device when a Bluetooth signal falls below a set value.
-ms.date: 04/23/2024
+ms.date: 11/22/2024
 ms.topic: how-to
 ---
 
@@ -19,33 +19,33 @@ You can configure Windows devices to use the **dynamic lock** using a Group Poli
 1. Enable the **Configure dynamic lock factors** policy setting located under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Hello for Business**.
 1. Close the Group Policy Management Editor to save the Group Policy object.
 
-The Group Policy Editor, when the policy is enabled, creates a default signal rule policy with the following value:
+   The Group Policy Editor, when the policy is enabled, creates a default signal rule policy with the following value:
 
-```xml
-<rule schemaVersion="1.0">
-  <signal type="bluetooth" scenario="Dynamic Lock" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/>
-</rule>
-```
+    ```xml
+     <rule schemaVersion="1.0">
+     <signal type="bluetooth" scenario="Dynamic Lock" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/>
+     </rule>
+    ```
 
->[!IMPORTANT]
->Microsoft recommends using the default values for this policy settings.  Measurements are relative based on the varying conditions of each environment.  Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting.
+  >[!IMPORTANT]
+  >Microsoft recommends using the default values for this policy settings. Measurements are relative based on the varying conditions of each environment. Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting.
 
-For this policy setting, the `type` and `scenario` attribute values are static and can't change. The `classofDevice` is configurable but Phone is the only currently supported configuration. The attribute defaults to Phone and uses the values from the following table:
+  For this policy setting, the `type` and `scenario` attribute values are static and can't change. The `classofDevice` is configurable but Phone is the only currently supported configuration. The attribute defaults to Phone and uses the values from the following table:
 
-|Description|Value|
-|:-------------|:-------:|
-|Miscellaneous|0|
-|Computer|256|
-|Phone|512|
-|LAN/Network Access Point|768|
-|Audio/Video|1024|
-|Peripheral|1280|
-|Imaging|1536|
-|Wearable|1792|
-|Toy|2048|
-|Health|2304|
-|Uncategorized|7936|
+  |Description|Value|
+  |:-------------|:-------:|
+  |Miscellaneous|0|
+  |Computer|256|
+  |Phone|512|
+  |LAN/Network Access Point|768|
+  |Audio/Video|1024|
+  |Peripheral|1280|
+  |Imaging|1536|
+  |Wearable|1792|
+  |Toy|2048|
+  |Health|2304|
+  |Uncategorized|7936|
 
-The `rssiMin` attribute value signal indicates the strength needed for the device to be considered *in-range*.  The default value of `-10` enables a user to move about an average size office or cubicle without triggering Windows to lock the device.  The `rssiMaxDelta` has a default value of `-10`, which instruct Windows to lock the device once the signal strength weakens by more than measurement of 10.
+  The `rssiMin` attribute value signal indicates the strength needed for the device to be considered *in-range*. The default value of `-10` enables a user to move about an average size office or cubicle without triggering Windows to lock the device. The `rssiMaxDelta` has a default value of `-10`, which instruct Windows to lock the device once the signal strength weakens by more than measurement of 10.
 
-RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other.
+  RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index 3d2908e78a..613da4d993 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -1,7 +1,7 @@
 ---
 title: Use Certificates to enable SSO for Microsoft Entra join devices
 description: If you want to use certificates for on-premises single-sign on for Microsoft Entra joined devices, then follow these additional steps.
-ms.date: 04/24/2024
+ms.date: 11/22/2024
 ms.topic: how-to
 ---
 
@@ -62,21 +62,21 @@ To include the on-premises distinguished name in the certificate's subject, Micr
 
 Sign-in to computer running Microsoft Entra Connect with access equivalent to *local administrator*.
 
-1. Open **Synchronization Services** from the **Microsoft Entra Connect** folder
-1. In the **Synchronization Service Manager**, select **Help** and then select **About**
-1. If the version number isn't **1.1.819** or later, then upgrade Microsoft Entra Connect to the latest version
+1. Open **Synchronization Services** from the **Microsoft Entra Connect** folder.
+1. In the **Synchronization Service Manager**, select **Help** and then select **About**.
+1. If the version number isn't **1.1.819** or later, then upgrade Microsoft Entra Connect to the latest version.
 
 ### Verify the onPremisesDistinguishedName attribute is synchronized
 
 The easiest way to verify that the onPremisesDistingushedNamne attribute is synchronized is to use the Graph Explorer for Microsoft Graph.
 
-1. Open a web browser and navigate to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer)
-1. Select **Sign in to Graph Explorer** and provide Microsoft Entra ID credentials
+1. Open a web browser and navigate to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).
+1. Select **Sign in to Graph Explorer** and provide Microsoft Entra ID credentials.
 
    > [!NOTE]
    > To successfully query the Graph API, adequate [permissions](/graph/api/user-get?) must be granted
 1. Select **Modify permissions (Preview)**. Scroll down and locate **User.Read.All** (or any other required permission) and select **Consent**. You'll now be prompted for delegated permissions consent
-1. In the Graph Explorer URL, enter `https://graph.microsoft.com/v1.0/users/[userid]?$select=displayName,userPrincipalName,onPremisesDistinguishedName`, where **[userid]** is the user principal name of a user in Microsoft Entra ID. Select **Run query**
+1. In the Graph Explorer URL, enter `https://graph.microsoft.com/v1.0/users/[userid]?$select=displayName,userPrincipalName,onPremisesDistinguishedName`, where **[userid]** is the user principal name of a user in Microsoft Entra ID. Select **Run query**.
 
    > [!NOTE]
    > Because the v1.0 endpoint of the Graph API only provides a limited set of parameters, we will use the $select [Optional OData query parameter](/graph/api/user-get?). For convenience, it is possible to switch the API version selector from **v1.0** to **beta** before performing the query. This will provide all available user information, but remember, **beta** endpoint queries should not be used in production scenarios.
@@ -91,7 +91,7 @@ The easiest way to verify that the onPremisesDistingushedNamne attribute is sync
    GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}?$select=displayName,userPrincipalName,onPremisesDistinguishedName
    ```
 
-1. In the returned results, review the JSON data for the **onPremisesDistinguishedName** attribute. Ensure the attribute has a value and that the value is accurate for the given user. If the **onPremisesDistinguishedName** attribute isn't synchronized the value will be **null**
+1. In the returned results, review the JSON data for the **onPremisesDistinguishedName** attribute. Ensure the attribute has a value and that the value is accurate for the given user. If the **onPremisesDistinguishedName** attribute isn't synchronized the value will be **null**.
 
    #### Response
    <!-- {
@@ -119,23 +119,23 @@ The deployment uses the **NDES Servers** security group to assign the NDES servi
 
 Sign-in to a domain controller or management workstation with access equivalent to *domain administrator*.
 
-1. Open **Active Directory Users and Computers**
-1. Expand the domain node from the navigation pane
-1. Right-click the **Users** container. Hover over **New** and select **Group**
-1. Type **NDES Servers** in the **Group Name** text box
-1. Select **OK**
+1. Open **Active Directory Users and Computers**.
+1. Expand the domain node from the navigation pane.
+1. Right-click the **Users** container. Hover over **New** and select **Group**.
+1. Type **NDES Servers** in the **Group Name** text box.
+1. Select **OK**.
 
 ### Add the NDES server to the NDES Servers global security group
 
 Sign-in to a domain controller or management workstation with access equivalent to *domain administrator*.
 
-1. Open **Active Directory Users and Computers**
-1. Expand the domain node from the navigation pane
-1. Select **Computers** from the navigation pane. Right-click the name of the NDES server that will host the NDES server role. Select **Add to a group**
-1. Type **NDES Servers** in **Enter the object names to select**. Select **OK**. Select **OK** on the **Active Directory Domain Services** success dialog
+1. Open **Active Directory Users and Computers**.
+1. Expand the domain node from the navigation pane.
+1. Select **Computers** from the navigation pane. Right-click the name of the NDES server that will host the NDES server role. Select **Add to a group**.
+1. Type **NDES Servers** in **Enter the object names to select**. Select **OK**. Select **OK** on the **Active Directory Domain Services** success dialog.
 
-> [!NOTE]
-> For high-availability, you should have more than one NDES server to service Windows Hello for Business certificate requests. You should add additional Windows Hello for Business NDES servers to this group to ensure they receive the proper configuration.
+   > [!NOTE]
+   > For high-availability, you should have more than one NDES server to service Windows Hello for Business certificate requests. You should add additional Windows Hello for Business NDES servers to this group to ensure they receive the proper configuration.
 
 ### Create the NDES Service Account
 
@@ -143,10 +143,10 @@ The Network Device Enrollment Services (NDES) role runs under a service account.
 
 Sign-in to a domain controller or management workstation with access equivalent to *domain administrator*.
 
-1. In the navigation pane, expand the node that has your domain name. Select **Users**
-1. Right-click the **Users** container. Hover over **New** and then select **User**. Type **NDESSvc** in  **Full Name** and **User logon name**. Select **Next**
-1. Type a secure password in **Password**. Confirm the secure password in **Confirm Password**. Clear **User must change password at next logon**. Select **Next**
-1. Select **Finish**
+1. In the navigation pane, expand the node that has your domain name. Select **Users**.
+1. Right-click the **Users** container. Hover over **New** and then select **User**. Type **NDESSvc** in  **Full Name** and **User logon name**. Select **Next**.
+1. Type a secure password in **Password**. Confirm the secure password in **Confirm Password**. Clear **User must change password at next logon**. Select **Next**.
+1. Select **Finish**.
 
 > [!IMPORTANT]
 > Configuring the service's account password to **Password never expires** may be more convenient, but it presents a security risk. Normal service account passwords should expire in accordance with the organizations user password expiration policy. Create a reminder to change the service account's password two weeks before it will expire. Share the reminder with others that are allowed to change the password to ensure the password is changed before it expires.
@@ -159,16 +159,16 @@ Sign-in a domain controller or management workstations with *Domain Admin* equiv
 
 1. Start the **Group Policy Management Console** (gpmc.msc)
 
-1. Expand the domain and select the **Group Policy Object** node in the navigation pane
-1. Right-click **Group Policy object** and select **New**
-1. Type **NDES Service Rights** in the name box and select **OK**
-1. In the content pane, right-click the **NDES Service Rights** Group Policy object and select **Edit**
-1. In the navigation pane, expand **Policies** under **Computer Configuration**
-1. Expand **Windows Settings > Security Settings > Local Policies**. Select **User Rights Assignments**
-1. In the content pane, double-click **Allow log on locally**. Select **Define these policy settings** and select **OK**. Select **Add User or Group...**. In the **Add User or Group** dialog box, select **Browse**. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, type **Administrators;Backup Operators;DOMAINNAME\NDESSvc;Users** where **DOMAINNAME** is the NetBios name of the domain (Example CONTOSO\NDESSvc) in **User and group names**. Select **OK** twice
-1. In the content pane, double-click **Log on as a batch job**. Select **Define these policy settings** and select **OK**. Select **Add User or Group...**. In the **Add User or Group** dialog box, select **Browse**. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, type **Administrators;Backup Operators;DOMAINNAME\NDESSvc;Performance Log Users** where **DOMAINNAME** is the NetBios name of the domain (Example CONTOSO\NDESSvc) in **User and group names**. Select **OK** twice
-1. In the content pane, double-click **Log on as a service**. Select **Define these policy settings** and select **OK**. Select **Add User or Group...**. In the **Add User or Group** dialog box, select **Browse**. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, type **NT SERVICE\ALL SERVICES;DOMAINNAME\NDESSvc** where **DOMAINNAME** is the NetBios name of the domain (Example CONTOSO\NDESSvc) in **User and group names**. Select **OK** three times
-1. Close the **Group Policy Management Editor**
+1. Expand the domain and select the **Group Policy Object** node in the navigation pane.
+1. Right-click **Group Policy object** and select **New**.
+1. Type **NDES Service Rights** in the name box and select **OK**.
+1. In the content pane, right-click the **NDES Service Rights** Group Policy object and select **Edit**.
+1. In the navigation pane, expand **Policies** under **Computer Configuration**.
+1. Expand **Windows Settings > Security Settings > Local Policies**. Select **User Rights Assignments**.
+1. In the content pane, double-click **Allow log on locally**. Select **Define these policy settings** and select **OK**. Select **Add User or Group...**. In the **Add User or Group** dialog box, select **Browse**. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, type **Administrators;Backup Operators;DOMAINNAME\NDESSvc;Users** where **DOMAINNAME** is the NetBios name of the domain (Example CONTOSO\NDESSvc) in **User and group names**. Select **OK** twice.
+1. In the content pane, double-click **Log on as a batch job**. Select **Define these policy settings** and select **OK**. Select **Add User or Group...**. In the **Add User or Group** dialog box, select **Browse**. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, type **Administrators;Backup Operators;DOMAINNAME\NDESSvc;Performance Log Users** where **DOMAINNAME** is the NetBios name of the domain (Example CONTOSO\NDESSvc) in **User and group names**. Select **OK** twice.
+1. In the content pane, double-click **Log on as a service**. Select **Define these policy settings** and select **OK**. Select **Add User or Group...**. In the **Add User or Group** dialog box, select **Browse**. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, type **NT SERVICE\ALL SERVICES;DOMAINNAME\NDESSvc** where **DOMAINNAME** is the NetBios name of the domain (Example CONTOSO\NDESSvc) in **User and group names**. Select **OK** three times.
+1. Close the **Group Policy Management Editor**.
 
 ### Configure security for the NDES Service User Rights Group Policy object
 
@@ -176,11 +176,11 @@ The best way to deploy the **NDES Service User Rights** Group Policy object is t
 
 Sign-in to a domain controller or management workstation with access equivalent to *domain administrator*.
 
-1. Start the **Group Policy Management Console** (gpmc.msc)
-1. Expand the domain and select the **Group Policy Object** node in the navigation pane
-1. Double-click the **NDES Service User Rights** Group Policy object
-1. In the **Security Filtering** section of the content pane, select **Add**. Type **NDES Servers** or the name of the security group you previously created and select **OK**
-1. Select the **Delegation** tab. Select **Authenticated Users** and select **Advanced**
+1. Start the **Group Policy Management Console** (gpmc.msc).
+1. Expand the domain and select the **Group Policy Object** node in the navigation pane.
+1. Double-click the **NDES Service User Rights** Group Policy object.
+1. In the **Security Filtering** section of the content pane, select **Add**. Type **NDES Servers** or the name of the security group you previously created and select **OK**.
+1. Select the **Delegation** tab. Select **Authenticated Users** and select **Advanced**.
 1. In the **Group or User names** list, select **Authenticated Users**. In the **Permissions for Authenticated Users** list, clear the **Allow** check box for the **Apply Group Policy** permission. Select **OK**
 
 ### Deploy the NDES Service User Rights Group Policy object
@@ -228,20 +228,20 @@ NDES uses a server authentication certificate to authenticate the server endpoin
 
 Sign-in to the issuing certificate authority or management workstations with *Domain Admin* equivalent credentials.
 
-1. Open the **Certificate Authority** management console
-1. Right-click **Certificate Templates** and select **Manage**
-1. In the **Certificate Template Console**, right-click the **Computer** template in the details pane and select **Duplicate Template**
-1. On the **General** tab, type **NDES-Intune Authentication** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs
+1. Open the **Certificate Authority** management console.
+1. Right-click **Certificate Templates** and select **Manage**.
+1. In the **Certificate Template Console**, right-click the **Computer** template in the details pane and select **Duplicate Template**.
+1. On the **General** tab, type **NDES-Intune Authentication** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs.
 
    > [!NOTE]
-   > If you use different template names, you'll need to remember and substitute these names in different portions of the lab
-1. On the **Subject** tab, select **Supply in the request**
-1. On the **Cryptography** tab, validate the **Minimum key size** is **2048**
-1. On the **Security** tab, select **Add**
-1. Select **Object Types**, then in the window that appears, choose **Computers** and select **OK**
-1. Type **NDES server** in the **Enter the object names to select** text box and select **OK**
-1. Select **NDES server** from the **Group or users names** list. In the **Permissions for** section, select the **Allow** check box for the **Enroll** permission. Clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes aren't already cleared. Select **OK**
-1. Select on the **Apply** to save changes and close the console
+   > If you use different template names, you'll need to remember and substitute these names in different portions of the lab.
+1. On the **Subject** tab, select **Supply in the request**.
+1. On the **Cryptography** tab, validate the **Minimum key size** is **2048**.
+1. On the **Security** tab, select **Add**.
+1. Select **Object Types**, then in the window that appears, choose **Computers** and select **OK**.
+1. Type **NDES server** in the **Enter the object names to select** text box and select **OK**.
+1. Select **NDES server** from the **Group or users names** list. In the **Permissions for** section, select the **Allow** check box for the **Enroll** permission. Clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes aren't already cleared. Select **OK**.
+1. Select on the **Apply** to save changes and close the console.
 
 ### Create a Microsoft Entra joined Windows Hello for Business authentication certificate template
 
@@ -249,21 +249,21 @@ During Windows Hello for Business provisioning,  Windows requests an authenticat
 
 Sign in a certificate authority or management workstations with *Domain Admin equivalent* credentials.
 
-1. Open the **Certificate Authority** management console
-1. Right-click **Certificate Templates** and select **Manage**
-1. Right-click the **Smartcard Logon** template and choose **Duplicate Template**
-1. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certificate Recipient** list
-1. On the **General** tab, type **ENTRA JOINED WHFB Authentication** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs
+1. Open the **Certificate Authority** management console.
+1. Right-click **Certificate Templates** and select **Manage**.
+1. Right-click the **Smartcard Logon** template and choose **Duplicate Template**.
+1. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certificate Recipient** list.
+1. On the **General** tab, type **ENTRA JOINED WHFB Authentication** in **Template display name**. Adjust the validity and renewal period to meet your enterprise's needs.
 
    > [!NOTE]
    > If you use different template names, you'll need to remember and substitute these names in different portions of the deployment
-1. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list
-1. On the **Extensions** tab, verify the **Application Policies** extension includes **Smart Card Logon**
-1. On the **Subject** tab, select **Supply in the request**
-1. On the **Request Handling** tab, select **Signature and encryption** from the **Purpose** list. Select the **Renew with same key** check box. Select **Enroll subject without requiring any user input**
-1. On the **Security** tab, select **Add**. Type **NDESSvc** in the **Enter the object names to select** text box and select **OK**
-1. Select  **NDESSvc** from the **Group or users names** list. In the **Permissions for NDES Servers** section, select the **Allow** check box for **Read** and **Enroll**. Clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes aren't already cleared. Select **OK**
-1. Close the console
+1. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list.
+1. On the **Extensions** tab, verify the **Application Policies** extension includes **Smart Card Logon**.
+1. On the **Subject** tab, select **Supply in the request**.
+1. On the **Request Handling** tab, select **Signature and encryption** from the **Purpose** list. Select the **Renew with same key** check box. Select **Enroll subject without requiring any user input**.
+1. On the **Security** tab, select **Add**. Type **NDESSvc** in the **Enter the object names to select** text box and select **OK**.
+1. Select **NDESSvc** from the **Group or users names** list. In the **Permissions for NDES Servers** section, select the **Allow** check box for **Read** and **Enroll**. Clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes aren't already cleared. Select **OK**.
+1. Close the console.
 
 ### Publish certificate templates
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
index 59a927977d..83225fbf4b 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
@@ -1,7 +1,7 @@
 ---
 title: Configure single sign-on (SSO) for Microsoft Entra joined devices
 description: Learn how to configure single sign-on to on-premises resources for Microsoft Entra joined devices, using Windows Hello for Business.
-ms.date: 04/23/2024
+ms.date: 11/22/2024
 ms.topic: how-to
 ---
 
@@ -150,14 +150,16 @@ The web server is ready to host the CRL distribution point. Now, configure the i
 1. In the navigation pane, right-click the name of the certificate authority and select **Properties**
 1. Select **Extensions**. On the **Extensions** tab, select **CRL Distribution Point (CDP)** from the **Select extension** list
 1. On the **Extensions** tab, select **Add**. Type <b>http://crl.[domainname]/cdp/</b> in **location**. For example, `<http://crl.corp.contoso.com/cdp/>` or `<http://crl.contoso.com/cdp/>` (don't forget the trailing forward slash)
-    ![CDP New Location dialog box.](images/aadj/cdp-extension-new-location.png)
-1. Select **\<CaName>** from the **Variable** list and select **Insert**. Select **\<CRLNameSuffix>** from the **Variable** list and select **Insert**. Select **\<DeltaCRLAllowed>** from the **Variable** list and select **Insert**
-1. Type **.crl** at the end of the text in **Location**. Select **OK**
-1. Select the CDP you just created
+
+   ![CDP New Location dialog box.](images/aadj/cdp-extension-new-location.png)
+1. Select **\<CaName>** from the **Variable** list and select **Insert**. Select **\<CRLNameSuffix>** from the **Variable** list and select **Insert**. Select **\<DeltaCRLAllowed>** from the **Variable** list and select **Insert**.
+1. Type **.crl** at the end of the text in **Location**. Select **OK**.
+1. Select the CDP you just created.
+
     ![CDP complete http.](images/aadj/cdp-extension-complete-http.png)
-1. Select **Include in CRLs. Clients use this to find Delta CRL locations**
-1. Select **Include in the CDP extension of issued certificates**
-1. Select **Apply** save your selections. Select **No** when ask to restart the service
+1. Select **Include in CRLs. Clients use this to find Delta CRL locations**.
+1. Select **Include in the CDP extension of issued certificates**.
+1. Select **Apply** save your selections. Select **No** when ask to restart the service.
 
 > [!NOTE]
 > Optionally, you can remove unused CRL distribution points and publishing locations.
@@ -170,7 +172,8 @@ The web server is ready to host the CRL distribution point. Now, configure the i
 1. On the **Extensions** tab, select **Add**. Type the computer and share name you create for your CRL distribution point in [Configure the CDP file share](#configure-the-cdp-file-share). For example, **\\\app\cdp$\\** (don't forget the trailing backwards slash)
 1. Select **\<CaName>** from the **Variable** list and select **Insert**. Select **\<CRLNameSuffix>** from the **Variable** list and select **Insert**. Select **\<DeltaCRLAllowed>** from the **Variable** list and select **Insert**
 1. Type **.crl** at the end of the text in **Location**. Select **OK**
-1. Select the CDP you just created
+1. Select the CDP you just created.
+
     ![CDP publishing location.](images/aadj/cdp-extension-complete-unc.png)
 1. Select **Publish CRLs to this location**
 1. Select **Publish Delta CRLs to this location**
@@ -178,10 +181,10 @@ The web server is ready to host the CRL distribution point. Now, configure the i
 
 #### Publish a new CRL
 
-1. On the issuing certificate authority, sign-in as a local administrator. Start the **Certificate Authority** console from **Administrative Tools**
+1. On the issuing certificate authority, sign-in as a local administrator. Start the **Certificate Authority** console from **Administrative Tools**.
 1. In the navigation pane, right-click **Revoked Certificates**, hover over **All Tasks**, and select **Publish**
-    ![Publish a New CRL.](images/aadj/publish-new-crl.png)
-1. In the **Publish CRL** dialog box, select **New CRL** and select **OK**
+    ![Publish a New CRL.](images/aadj/publish-new-crl.png).
+1. In the **Publish CRL** dialog box, select **New CRL** and select **OK**.
 
 #### Validate CDP Publishing
 
diff --git a/windows/security/identity-protection/hello-for-business/how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/how-it-works-authentication.md
index 8e1d1411a3..2d52ce35bd 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works-authentication.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works-authentication.md
@@ -1,7 +1,7 @@
 ---
 title: How Windows Hello for Business authentication works
 description: Learn about the Windows Hello for Business authentication flows.
-ms.date: 04/23/2024
+ms.date: 11/22/2024
 ms.topic: reference
 ---
 # Windows Hello for Business authentication
@@ -19,11 +19,11 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication begins when the user dismisses the lock screen, which triggers Winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to Winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider.|
+|A | Authentication begins when the user dismisses the lock screen, which triggers Winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to Winlogon. Winlogon passes the collected credentials to LSASS. LSASS passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider.|
 |B | The Cloud AP provider requests a nonce from Microsoft Entra ID. Microsoft Entra ID returns a nonce. The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Microsoft Entra ID.|
 |C | Microsoft Entra ID validates the signed nonce using the user's securely registered public key against the nonce signature. Microsoft Entra ID then validates the returned signed nonce, and creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.|
 |D | The Cloud AP provider receives the encrypted PRT with session key. Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.|
-|E | The Cloud AP provider returns a successful authentication response to lsass. Lsass caches the PRT, and informs Winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.|
+|E | The Cloud AP provider returns a successful authentication response to LSASS. LSASS caches the PRT, and informs Winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.|
 
 ## Microsoft Entra join authentication to Active Directory using cloud Kerberos trust
 
@@ -31,7 +31,7 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication to Active Directory from a Microsoft Entra joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in lsass, uses metadata from the Windows Hello for Business key to get a hint of the user's domain. Using the hint, the provider uses the DClocator service to locate a domain controller.
+|A | Authentication to Active Directory from a Microsoft Entra joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in LSASS, uses metadata from the Windows Hello for Business key to get a hint of the user's domain. Using the hint, the provider uses the DClocator service to locate a domain controller.
 |B | After locating a domain controller, the Kerberos provider sends a partial TGT that it received from Microsoft Entra ID from a previous Microsoft Entra authentication to the domain controller. The partial TGT contains only the user SID, and it's signed by Microsoft Entra Kerberos. The domain controller verifies that the partial TGT is valid. On success, the KDC returns a TGT to the client.|
 
 ## Microsoft Entra join authentication to Active Directory using a key
@@ -40,9 +40,9 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication to Active Directory from a Microsoft Entra joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in lsass, uses metadata from the Windows Hello for Business key to get a hint of the user's domain. Using the hint, the provider uses the DClocator service to locate a domain controller. After the provider locates a domain controller, the provider uses the private key to sign the Kerberos preauthentication data.|
+|A | Authentication to Active Directory from a Microsoft Entra joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in LSASS, uses metadata from the Windows Hello for Business key to get a hint of the user's domain. Using the hint, the provider uses the DClocator service to locate a domain controller. After the provider locates a domain controller, the provider uses the private key to sign the Kerberos preauthentication data.|
 |B | The Kerberos provider sends the signed preauthentication data and its public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.<br>The domain controller determines the certificate is a self-signed certificate. It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory. It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed preauthentication data using the public key from Active Directory. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.|
-|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it hasn't been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it's cached and used for subsequent service ticket requests.|
+|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it hasn't been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to LSASS, where it's cached and used for subsequent service ticket requests.|
 
 > [!NOTE]
 > You might have an on-premises domain federated with Microsoft Entra ID. Once you have successfully provisioned Windows Hello for Business PIN/Bio on the Microsoft Entra joined device, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Microsoft Entra ID to get PRT and trigger authenticate against your DC (if LOS to DC is available) to get Kerberos. It no longer uses AD FS to authenticate for Windows Hello for Business sign-ins.
@@ -53,9 +53,9 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication to Active Directory from a Microsoft Entra joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in lsass, uses information from the certificate to get a hint of the user's domain. Kerberos can use the distinguished name of the user found in the subject of the certificate, or it can use the user principal name of the user found in the subject alternate name of the certificate. Using the hint, the provider uses the DClocator service to locate a domain controller. After the provider locates an active domain controller, the provider uses the private key to sign the Kerberos preauthentication data.|
+|A | Authentication to Active Directory from a Microsoft Entra joined device begins with the user first attempts to use a resource that needs Kerberos authentication. The Kerberos security support provider, hosted in LSASS, uses information from the certificate to get a hint of the user's domain. Kerberos can use the distinguished name of the user found in the subject of the certificate, or it can use the user principal name of the user found in the subject alternate name of the certificate. Using the hint, the provider uses the DClocator service to locate a domain controller. After the provider locates an active domain controller, the provider uses the private key to sign the Kerberos preauthentication data.|
 |B | The Kerberos provider sends the signed preauthentication data and  user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.<br>The domain controller determines the certificate isn't self-signed certificate. The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and hasn't been revoked. It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory. It validates the signed preauthentication data using the public key from the certificate. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.|
-|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it hasn't been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to lsass, where it's cached and used for subsequent service ticket requests.|
+|C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it hasn't been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating. After passing this criteria, Kerberos returns the TGT to LSASS, where it's cached and used for subsequent service ticket requests.|
 
 > [!NOTE]
 > You may have an on-premises domain federated with Microsoft Entra ID. Once you have successfully provisioned Windows Hello for Business PIN/Bio on, any future login of Windows Hello for Business (PIN/Bio) sign-in will directly authenticate against Microsoft Entra ID to get PRT, as well as authenticate against your DC (if LOS to DC is available) to get Kerberos as mentioned previously. AD FS federation is used only when Enterprise PRT calls are placed from the client. You need to have device write-back enabled to get "Enterprise PRT" from your federation.
@@ -66,11 +66,11 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication begins when the user dismisses the lock screen, which triggers Winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to Winlogon. Winlogon passes the collected credentials to lsass. Lsass queries Windows Hello for Business policy to check if cloud Kerberos trust is enabled. If cloud Kerberos trust is enabled, Lsass passes the collected credentials to the Cloud Authentication security support provider, or Cloud AP. Cloud AP requests a nonce from Microsoft Entra ID. Microsoft Entra ID returns a nonce.
+|A | Authentication begins when the user dismisses the lock screen, which triggers Winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to Winlogon. Winlogon passes the collected credentials to LSASS. LSASS queries Windows Hello for Business policy to check if cloud Kerberos trust is enabled. If cloud Kerberos trust is enabled, LSASS passes the collected credentials to the Cloud Authentication security support provider, or Cloud AP. Cloud AP requests a nonce from Microsoft Entra ID. Microsoft Entra ID returns a nonce.
 |B | Cloud AP signs the nonce using the user's private key and returns the signed nonce to Microsoft Entra ID.
 |C | Microsoft Entra ID validates the signed nonce using the user's securely registered public key against the nonce signature. After validating the signature, Microsoft Entra ID then validates the returned signed nonce. After validating the nonce, Microsoft Entra ID creates a PRT with session key that is encrypted to the device's transport key and creates a Partial TGT from Microsoft Entra Kerberos and returns them to Cloud AP.
-|D | Cloud AP  receives the encrypted PRT with session key. Using the device's private transport key, Cloud AP decrypts the session key and protects the session key using the device's TPM (if available). Cloud AP returns a successful authentication response to lsass. Lsass caches the PRT and the Partial TGT.
-|E | The Kerberos security support provider, hosted in lsass, uses metadata from the Windows Hello for Business key to get a hint of the user's domain. Using the hint, the provider uses the DClocator service to locate a domain controller. After locating an active domain controller, the Kerberos provider sends the partial TGT that it received from Microsoft Entra ID to the domain controller. The partial TGT contains only the user SID and is signed by Microsoft Entra Kerberos. The domain controller verifies that the partial TGT is valid. On success, the KDC returns a TGT to the client. Kerberos returns the TGT to lsass, where it's cached and used for subsequent service ticket requests. Lsass informs Winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.|
+|D | Cloud AP  receives the encrypted PRT with session key. Using the device's private transport key, Cloud AP decrypts the session key and protects the session key using the device's TPM (if available). Cloud AP returns a successful authentication response to LSASS. LSASS caches the PRT and the Partial TGT.
+|E | The Kerberos security support provider, hosted in LSASS, uses metadata from the Windows Hello for Business key to get a hint of the user's domain. Using the hint, the provider uses the DClocator service to locate a domain controller. After locating an active domain controller, the Kerberos provider sends the partial TGT that it received from Microsoft Entra ID to the domain controller. The partial TGT contains only the user SID and is signed by Microsoft Entra Kerberos. The domain controller verifies that the partial TGT is valid. On success, the KDC returns a TGT to the client. Kerberos returns the TGT to LSASS, where it's cached and used for subsequent service ticket requests. LSASS informs Winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.|
 
 ## Microsoft Entra hybrid join authentication using a key
 
@@ -78,13 +78,13 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication begins when the user dismisses the lock screen, which triggers Winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to Winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.|
+|A | Authentication begins when the user dismisses the lock screen, which triggers Winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to Winlogon. Winlogon passes the collected credentials to LSASS. LSASS passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.|
 |B | The Kerberos provider sends the signed preauthentication data and the user's public key (in the form of a self-signed certificate) to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.<br>The domain controller determines the certificate is a self-signed certificate. It retrieves the public key from the certificate included in the KERB_AS_REQ and searches for the public key in Active Directory. It validates the UPN for authentication request matches the UPN registered in Active Directory and validates the signed preauthentication data using the public key from Active Directory. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.|
 |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it hasn't been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating.
-|D | After passing this criteria, Kerberos returns the TGT to lsass, where it's cached and used for subsequent service ticket requests.|
-|E | Lsass informs Winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.|
-|F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Microsoft Entra ID. Microsoft Entra ID returns a nonce.|
-|G |  The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Microsoft Entra ID. Microsoft Entra ID validates the signed nonce using the user's securely registered public key against the nonce signature. After validating the signature, Microsoft Entra ID then validates the returned signed nonce. After validating the nonce, Microsoft Entra ID creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.<br>The Cloud AP provider receives the encrypted PRT with session key. Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.<br>The Cloud AP provider returns a successful authentication response to lsass. Lsass caches the PRT.|
+|D | After passing this criteria, Kerberos returns the TGT to LSASS, where it's cached and used for subsequent service ticket requests.|
+|E | LSASS informs Winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.|
+|F | While Windows loads the user's desktop, LSASS passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Microsoft Entra ID. Microsoft Entra ID returns a nonce.|
+|G |  The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Microsoft Entra ID. Microsoft Entra ID validates the signed nonce using the user's securely registered public key against the nonce signature. After validating the signature, Microsoft Entra ID then validates the returned signed nonce. After validating the nonce, Microsoft Entra ID creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.<br>The Cloud AP provider receives the encrypted PRT with session key. Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.<br>The Cloud AP provider returns a successful authentication response to LSASS. LSASS caches the PRT.|
 
 > [!IMPORTANT]
 > In the above deployment model, a newly provisioned user will not be able to sign in using Windows Hello for Business until (a) Microsoft Entra Connect successfully synchronizes the public key to the on-premises Active Directory and (b) device has line of sight to the domain controller for the first time.
@@ -95,13 +95,13 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 | Phase  | Description  |
 | :----: | :----------- |
-|A | Authentication begins when the user dismisses the lock screen, which triggers Winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to Winlogon. Winlogon passes the collected credentials to lsass. Lsass passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.|
+|A | Authentication begins when the user dismisses the lock screen, which triggers Winlogon to show the Windows Hello for Business credential provider. The user provides their Windows Hello gesture (PIN or biometrics). The credential provider packages these credentials and returns them to Winlogon. Winlogon passes the collected credentials to LSASS. LSASS passes the collected credentials to the Kerberos security support provider. The Kerberos provider gets domain hints from the domain joined workstation to locate a domain controller for the user.|
 |B | The Kerberos provider sends the signed preauthentication data and  user's certificate, which includes the public key, to the Key Distribution Center (KDC) service running on the domain controller in the form of a KERB_AS_REQ.<br>The domain controller determines the certificate isn't self-signed certificate. The domain controller ensures the certificate chains to trusted root certificate, is within its validity period, can be used for authentication, and hasn't been revoked. It retrieves the public key and UPN from the certificate included in the KERB_AS_REQ and searches for the UPN in Active Directory. It validates the signed preauthentication data using the public key from the certificate. On success, the KDC returns a TGT to the client with its certificate in a KERB_AS_REP.|
 |C | The Kerberos provider ensures it can trust the response from the domain controller. First, it ensures the KDC certificate chains to a root certificate that is trusted by the device. Next, it ensures the certificate is within its validity period and that it hasn't been revoked. The Kerberos provider then verifies the certificate has the KDC Authentication present and that the subject alternate name listed in the KDC's certificate matches the domain name to which the user is authenticating.
-|D | After passing this criteria, Kerberos returns the TGT to lsass, where it's cached and used for subsequent service ticket requests.|
-|E | Lsass informs Winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.|
-|F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Microsoft Entra ID. Microsoft Entra ID returns a nonce.|
-|G |  The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Microsoft Entra ID. Microsoft Entra ID validates the signed nonce using the user's securely registered public key against the nonce signature. After validating the signature, Microsoft Entra ID then validates the returned signed nonce. After validating the nonce, Microsoft Entra ID creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.<br>The Cloud AP provider receives the encrypted PRT with session key. Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.<br>The Cloud AP provider returns a successful authentication response to lsass. Lsass caches the PRT.|
+|D | After passing this criteria, Kerberos returns the TGT to LSASS, where it's cached and used for subsequent service ticket requests.|
+|E | LSASS informs Winlogon of the success authentication. Winlogon creates a logon session, loads the user's profile, and starts explorer.exe.|
+|F | While Windows loads the user's desktop, LSASS passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Microsoft Entra ID. Microsoft Entra ID returns a nonce.|
+|G |  The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Microsoft Entra ID. Microsoft Entra ID validates the signed nonce using the user's securely registered public key against the nonce signature. After validating the signature, Microsoft Entra ID then validates the returned signed nonce. After validating the nonce, Microsoft Entra ID creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.<br>The Cloud AP provider receives the encrypted PRT with session key. Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.<br>The Cloud AP provider returns a successful authentication response to LSASS. LSASS caches the PRT.|
 
 > [!IMPORTANT]
-> In the above deployment model, a **newly provisioned** user will not be able to sign in using Windows Hello for Business unless the device has line of sight to the domain controller.
+> In this deployment model, a **newly provisioned** user will not be able to sign in using Windows Hello for Business unless the device has line of sight to the domain controller.
diff --git a/windows/security/identity-protection/hello-for-business/how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/how-it-works-provisioning.md
index b066524e2f..fcc17cd4d5 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works-provisioning.md
@@ -1,7 +1,7 @@
 ---
 title: How Windows Hello for Business provisioning works
 description: Learn about the provisioning flows for Windows Hello for Business.
-ms.date: 04/23/2024
+ms.date: 11/22/2024
 ms.topic: reference
 appliesto:
 ---
diff --git a/windows/security/identity-protection/hello-for-business/how-it-works.md b/windows/security/identity-protection/hello-for-business/how-it-works.md
index 659f4a0e25..e9dcd47589 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works.md
@@ -1,7 +1,7 @@
 ---
 title: How Windows Hello for Business works
 description: Learn how Windows Hello for Business works, and how it can help you protect your organization.
-ms.date: 04/23/2024
+ms.date: 11/22/2024
 ms.topic: concept-article
 ---
 
diff --git a/windows/security/identity-protection/hello-for-business/index.md b/windows/security/identity-protection/hello-for-business/index.md
index d7af366d19..e51ecfc56e 100644
--- a/windows/security/identity-protection/hello-for-business/index.md
+++ b/windows/security/identity-protection/hello-for-business/index.md
@@ -2,7 +2,7 @@
 title: Windows Hello for Business overview
 description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on Windows devices.
 ms.topic: overview
-ms.date: 04/23/2024
+ms.date: 11/22/2024
 ---
 
 # Windows Hello for Business
diff --git a/windows/security/identity-protection/hello-for-business/multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/multifactor-unlock.md
index b11627e5b7..426ed39d72 100644
--- a/windows/security/identity-protection/hello-for-business/multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/multifactor-unlock.md
@@ -1,7 +1,7 @@
 ---
 title: Multi-factor unlock
 description: Learn how to configure Windows Hello for Business multi-factor unlock by extending Windows Hello with trusted signals.
-ms.date: 04/23/2024
+ms.date: 11/22/2024
 ms.topic: how-to
 ---
 
diff --git a/windows/security/identity-protection/hello-for-business/pin-reset.md b/windows/security/identity-protection/hello-for-business/pin-reset.md
index aabf1fc5f2..37c48ea01c 100644
--- a/windows/security/identity-protection/hello-for-business/pin-reset.md
+++ b/windows/security/identity-protection/hello-for-business/pin-reset.md
@@ -1,7 +1,7 @@
 ---
 title: PIN reset
 description: Learn how Microsoft PIN reset service enables your users to recover a forgotten Windows Hello for Business PIN, and how to configure it.
-ms.date: 04/23/2024
+ms.date: 11/22/2024
 ms.topic: how-to
 ---
 
@@ -13,8 +13,8 @@ This article describes how *Microsoft PIN reset service* enables your users to r
 
 Windows Hello for Business provides the capability for users to reset forgotten PINs. There are two forms of PIN reset:
 
-- *Destructive PIN reset*: the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, are deleted from the client and a new sign in key and PIN are provisioned. Destructive PIN reset is the default option, and doesn't require configuration
-- *Non-destructive PIN reset*: the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed. For nondestructive PIN reset, you must deploy the *Microsoft PIN reset service* and configure your clients' policy to enable the *PIN recovery* feature
+- *Destructive PIN reset*: The user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, are deleted from the client and a new sign in key and PIN are provisioned. Destructive PIN reset is the default option, and doesn't require configuration.
+- *Non-destructive PIN reset*: The user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed. For nondestructive PIN reset, you must deploy the *Microsoft PIN reset service* and configure your clients' policy to enable the *PIN recovery* feature.
 
 ## How nondestructive PIN reset works
 
diff --git a/windows/security/identity-protection/hello-for-business/policy-settings.md b/windows/security/identity-protection/hello-for-business/policy-settings.md
index 300d58e123..3a54d69597 100644
--- a/windows/security/identity-protection/hello-for-business/policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/policy-settings.md
@@ -2,7 +2,7 @@
 title: Windows Hello for Business policy settings
 description: Learn about the policy settings to configure Configure Windows Hello for Business.
 ms.topic: reference
-ms.date: 04/23/2024
+ms.date: 11/22/2024
 ---
 
 # Windows Hello for Business policy settings
diff --git a/windows/security/identity-protection/hello-for-business/webauthn-apis.md b/windows/security/identity-protection/hello-for-business/webauthn-apis.md
index d685983a32..234d305178 100644
--- a/windows/security/identity-protection/hello-for-business/webauthn-apis.md
+++ b/windows/security/identity-protection/hello-for-business/webauthn-apis.md
@@ -1,7 +1,7 @@
 ---
 title: WebAuthn APIs
 description: Learn how to use WebAuthn APIs to enable passwordless authentication for your sites and apps.
-ms.date: 04/23/2024
+ms.date: 11/22/2024
 ms.topic: how-to
 ---
 # WebAuthn APIs for passwordless authentication on Windows
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index 494d9a4978..f7dbf10cd7 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -2,7 +2,7 @@
 title: Remote Credential Guard
 description: Learn how Remote Credential Guard helps to secure Remote Desktop credentials by never sending them to the target device.
 ms.topic: how-to
-ms.date: 03/12/2024
+ms.date: 11/11/2024
 appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md b/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
index 39be442f55..15119bdf05 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
@@ -7,7 +7,7 @@ ms.date: 06/18/2024
 
 # Network Unlock
 
-Network Unlock is a BitLocker *key protector* for operating system volumes. Network Unlock enables easier management for BitLocker-enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. Network Unlock requires the client hardware to have a DHCP driver implemented in its UEFI firmware. Without Network Unlock, operating system volumes protected by `TPM+PIN` protectors require a PIN to be entered when a device reboots or resumes from hibernation (for example, by Wake on LAN). Requiring a PIN after a reboot can make it difficult to enterprises to roll out software patches to unattended desktops and remotely administered servers.
+Network Unlock is a BitLocker *key protector* for operating system volumes. Network Unlock enables easier management for BitLocker-enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. Network Unlock requires the client hardware to have a DHCP driver implemented in its UEFI firmware. Without Network Unlock, operating system volumes protected by `TPM+PIN` protectors require a PIN to be entered when a device reboots or resumes from hibernation (for example, by Wake on LAN). Requiring a PIN after a reboot can make it difficult for enterprises to roll out software patches to unattended desktops and remotely administered servers.
 
 Network Unlock allows BitLocker-enabled systems that have a `TPM+PIN` and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to the `TPM+StartupKey` at boot. Rather than needing to read the StartupKey from USB media, however, the Network Unlock feature needs the key to be composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session.
 
@@ -248,7 +248,7 @@ The following steps describe how to deploy the required group policy setting:
 
 By default, all clients with the correct Network Unlock certificate and valid Network Unlock protectors that have wired access to a Network Unlock-enabled WDS server via DHCP are unlocked by the server. A subnet policy configuration file on the WDS server can be created to limit which are the subnet(s) the Network Unlock clients can use to unlock.
 
-The configuration file, called `bde-network-unlock.ini`, must be located in the same directory as the Network Unlock provider DLL (`%windir%\System32\Nkpprov.dll`) and it applies to both IPv6 and IPv4 DHCP implementations. If the subnet configuration policy becomes corrupted, the provider fails and stops responding to requests.
+The configuration file called `bde-network-unlock.ini`, must be located in the same directory as the Network Unlock provider DLL (`%windir%\System32\Nkpprov.dll`) and it applies to both IPv6 and IPv4 DHCP implementations. If the subnet configuration policy becomes corrupted, the provider fails and stops responding to requests.
 
 The subnet policy configuration file must use a `[SUBNETS]` section to identify the specific subnets. The named subnets may then be used to specify restrictions in certificate subsections. Subnets are defined as simple name-value pairs, in the common INI format, where each subnet has its own line, with the name on the left of the equal-sign, and the subnet identified on the right of the equal-sign as a Classless Inter-Domain Routing (CIDR) address or range. The key word `ENABLED` is disallowed for subnet names.
 
@@ -299,6 +299,8 @@ To update the certificates used by Network Unlock, administrators need to import
 Troubleshooting Network Unlock issues begins by verifying the environment. Many times, a small configuration issue can be the root cause of the failure. Items to verify include:
 
 - Verify that the client hardware is UEFI-based and is on firmware version 2.3.1 and that the UEFI firmware is in native mode without a Compatibility Support Module (CSM) for BIOS mode enabled. Verification can be done by checking that the firmware doesn't have an option enabled such as "Legacy mode" or "Compatibility mode" or that the firmware doesn't appear to be in a BIOS-like mode
+- If client hardware is a Secure Core device, you may need to disable Secure Core functionality
+
 - All required roles and services are installed and started
 - Public and private certificates have been published and are in the proper certificate containers. The presence of the Network Unlock certificate can be verified in the Microsoft Management Console (MMC.exe) on the WDS server with the certificate snap-ins for the local computer enabled. The client certificate can be verified by checking the registry key **`HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\FVE_NKP`** on the client computer
 - Group policy for Network Unlock is enabled and linked to the appropriate domains